首頁 探索 說明
登入
Medowar
/
psa-orderform
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: 19b12fb381
分支列表 標籤列表
psa-orderform
/
admin
/
login.php

login.php 4.3 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129 
  1. <?php
    2. 

  2. require_once __DIR__ . "/../config.php";
    3. 

  3. require_once __DIR__ . "/../includes/functions.php";
    4. 

  4. 

  5. $error = "";
    6. 

  6. 

  7. // Handle logout via POST + CSRF
    8. 

  8. if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['logout'])) {
    9. 

  9.     if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
    10. 

  10.         $error = "Ungültiges Token. Bitte versuchen Sie es erneut.";
    11. 

  11.     } else {
    12. 

  12.         $_SESSION = [];
    13. 

  13.         if (ini_get("session.use_cookies")) {
    14. 

  14.             $params = session_get_cookie_params();
    15. 

  15.             setcookie(
    16. 

  16.                 session_name(),
    17. 

  17.                 "",
    18. 

  18.                 time() - 42000,
    19. 

  19.                 $params["path"],
    20. 

  20.                 $params["domain"],
    21. 

  21.                 $params["secure"],
    22. 

  22.                 $params["httponly"],
    23. 

  23.             );
    24. 

  24.         }
    25. 

  25.         session_destroy();
    26. 

  26.         header("Location: login.php");
    27. 

  27.         exit();
    28. 

  28.     }
    29. 

  29. }
    30. 

  30. 

  31. if ($_SERVER['REQUEST_METHOD'] === "POST") {
    32. 

  32.     // Validate CSRF token
    33. 

  33.     if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
    34. 

  34.         $error = "Ungültiges Token. Bitte versuchen Sie es erneut.";
    35. 

  35.     } else {
    36. 

  36.         $username = normalizeAdminUsername($_POST['username'] ?? "");
    37. 

  37.         $password = $_POST['password'] ?? "";
    38. 

  38. 

  39.         $users = getAdminUsers();
    40. 

  40.         if (
    41. 

  41.             isset($users[$username]) &&
    42. 

  42.             password_verify($password, $users[$username])
    43. 

  43.         ) {
    44. 

  44.             session_regenerate_id(true);
    45. 

  45.             $_SESSION['admin_logged_in'] = true;
    46. 

  46.             $_SESSION['admin_username'] = $username;
    47. 

  47.             logAccess("Admin login successful", ["username" => $username]);
    48. 

  48.             header("Location: index.php");
    49. 

  49.             exit();
    50. 

  50.         } else {
    51. 

  51.             logAccess("Admin login failed", ["username" => $username]);
    52. 

  52.             $error = "Benutzername oder Passwort falsch.";
    53. 

  53.         }
    54. 

  54.     }
    55. 

  55. }
    56. 

  56. 

  57. // Redirect if already logged in
    58. 

  58. if (isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in']) {
    59. 

  59.     header("Location: index.php");
    60. 

  60.     exit();
    61. 

  61. }
    62. 

  62. ?>
    63. 

  63. <!DOCTYPE html>
    64. 

  64. <html lang="de">
    65. 

  65. <head>
    66. 

  66.     <meta charset="UTF-8">
    67. 

  67.     <meta name="viewport" content="width=device-width, initial-scale=1.0">
    68. 

  68.     <title>Administration - <?php echo escape(SITE_FULL_NAME); ?></title>
    69. 

  69.     <link rel="stylesheet" href="<?php echo escape(
    70. 

  70.         SITE_URL,
    71. 

  71.     ); ?>/assets/css/style.css">
    72. 

  72. </head>
    73. 

  73. <body class="admin-page">
    74. 

  74.     <header class="site-header">
    75. 

  75.         <div class="container header-inner">
    76. 

  76.             <a class="brand" href="<?php echo escape(SITE_URL); ?>/index.php">
    77. 

  77.                 <img class="brand-logo" src="<?php echo escape(
    78. 

  78.                     SITE_URL,
    79. 

  79.                 ); ?>/assets/branding/stadt-freising-logo.png" alt="Wappen der Stadt Freising">
    80. 

  80.                 <div class="brand-text">
    81. 

  81.                     <span class="brand-title"><?php echo escape(
    82. 

  82.                         SITE_NAME,
    83. 

  83.                     ); ?></span>
    84. 

  84.                     <span class="brand-subtitle"><?php echo escape(
    85. 

  85.                         SITE_SERVICE_HEADER,
    86. 

  86.                     ); ?></span>
    87. 

  87.                 </div>
    88. 

  88.             </a>
    89. 

  89.             <a href="<?php echo escape(
    90. 

  90.                 SITE_URL,
    91. 

  91.             ); ?>/index.php" class="btn btn-secondary">Zurück zu <?php echo escape(
    92. 

  92.     SITE_SERVICE_NAME,
    93. 

  93. ); ?></a>
    94. 

  94.         </div>
    95. 

  95.     </header>
    96. 

  96.     <main>
    97. 

  97.         <div class="container container-narrow page-top-gap">
    98. 

  98.             <h2>Administration</h2>
    99. 

  99. 

  100.             <?php if ($error): ?>
    101. 

  101.                 <div class="alert alert-error">
    102. 

  102.                     <?php echo htmlspecialchars($error); ?>
    103. 

  103.                 </div>
    104. 

  104.             <?php endif; ?>
    105. 

  105. 

  106.             <form method="POST" class="panel panel-lg">
    107. 

  107.                 <?php echo csrfField(); ?>
    108. 

  108.                 <div class="form-group">
    109. 

  109.                     <label for="username">Benutzername:</label>
    110. 

  110.                     <input type="text" id="username" name="username" required autofocus>
    111. 

  111.                 </div>
    112. 

  112.                 <div class="form-group">
    113. 

  113.                     <label for="password">Passwort:</label>
    114. 

  114.                     <input type="password" id="password" name="password" required>
    115. 

  115.                 </div>
    116. 

  116.                 <button type="submit" class="btn btn-block">Anmelden</button>
    117. 

  117.             </form>
    118. 

  118. 

  119.             <div class="text-center mt-2">
    120. 

  120.                 <a href="<?php echo escape(
    121. 

  121.                     SITE_URL,
    122. 

  122.                 ); ?>/index.php">Zurück zu <?php echo escape(
    123. 

  123.     SITE_SERVICE_NAME,
    124. 

  124. ); ?></a>
    125. 

  125.             </div>
    126. 

  126.         </div>
    127. 

  127.     </main>
    128. 

  128. </body>
    129. 

  129. </html>
    130.