Home Explore Help
Sign In
Medowar
/
psa-orderform
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 97924f949c
Branches Tags
psa-orderform
/
admin
/
login.php

login.php 3.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. <?php
    2. 

  2. require_once __DIR__ . "/../config.php";
    3. 

  3. require_once __DIR__ . "/../includes/functions.php";
    4. 

  4. 

  5. // Handle logout
    6. 

  6. if (isset($_GET["logout"])) {
    7. 

  7.     $_SESSION["admin_logged_in"] = false;
    8. 

  8.     unset($_SESSION["admin_username"]);
    9. 

  9.     session_destroy();
    10. 

  10.     header("Location: login.php");
    11. 

  11.     exit();
    12. 

  12. }
    13. 

  13. 

  14. $error = "";
    15. 

  15. 

  16. if ($_SERVER["REQUEST_METHOD"] === "POST") {
    17. 

  17.     // Validate CSRF token
    18. 

  18.     if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
    19. 

  19.         $error = "Ungültiges Token. Bitte versuchen Sie es erneut.";
    20. 

  20.     } else {
    21. 

  21.         $username = normalizeAdminUsername($_POST["username"] ?? "");
    22. 

  22.         $password = $_POST["password"] ?? "";
    23. 

  23. 

  24.         $users = getAdminUsers();
    25. 

  25.         if (
    26. 

  26.             isset($users[$username]) &&
    27. 

  27.             password_verify($password, $users[$username])
    28. 

  28.         ) {
    29. 

  29.             $_SESSION["admin_logged_in"] = true;
    30. 

  30.             $_SESSION["admin_username"] = $username;
    31. 

  31.             logAccess("Admin login successful", ["username" => $username]);
    32. 

  32.             header("Location: index.php");
    33. 

  33.             exit();
    34. 

  34.         } else {
    35. 

  35.             logAccess("Admin login failed", ["username" => $username]);
    36. 

  36.             $error = "Benutzername oder Passwort falsch.";
    37. 

  37.         }
    38. 

  38.     }
    39. 

  39. }
    40. 

  40. 

  41. // Redirect if already logged in
    42. 

  42. if (isset($_SESSION["admin_logged_in"]) && $_SESSION["admin_logged_in"]) {
    43. 

  43.     header("Location: index.php");
    44. 

  44.     exit();
    45. 

  45. }
    46. 

  46. ?>
    47. 

  47. <!DOCTYPE html>
    48. 

  48. <html lang="de">
    49. 

  49. <head>
    50. 

  50.     <meta charset="UTF-8">
    51. 

  51.     <meta name="viewport" content="width=device-width, initial-scale=1.0">
    52. 

  52.     <title>Administration - <?php echo escape(SITE_FULL_NAME); ?></title>
    53. 

  53.     <link rel="stylesheet" href="<?php echo escape(
    54. 

  54.         SITE_URL,
    55. 

  55.     ); ?>/assets/css/style.css">
    56. 

  56. </head>
    57. 

  57. <body class="admin-page">
    58. 

  58.     <header class="site-header">
    59. 

  59.         <div class="container header-inner">
    60. 

  60.             <a class="brand" href="<?php echo escape(SITE_URL); ?>/index.php">
    61. 

  61.                 <img class="brand-logo" src="<?php echo escape(
    62. 

  62.                     SITE_URL,
    63. 

  63.                 ); ?>/assets/branding/stadt-freising-logo.png" alt="Wappen der Stadt Freising">
    64. 

  64.                 <div class="brand-text">
    65. 

  65.                     <span class="brand-title"><?php echo escape(
    66. 

  66.                         SITE_NAME,
    67. 

  67.                     ); ?></span>
    68. 

  68.                     <span class="brand-subtitle"><?php echo escape(
    69. 

  69.                         SITE_SERVICE_HEADER,
    70. 

  70.                     ); ?></span>
    71. 

  71.                 </div>
    72. 

  72.             </a>
    73. 

  73.             <a href="<?php echo escape(
    74. 

  74.                 SITE_URL,
    75. 

  75.             ); ?>/index.php" class="btn btn-secondary">Zurück zu <?php echo escape(
    76. 

  76.     SITE_SERVICE_NAME,
    77. 

  77. ); ?></a>
    78. 

  78.         </div>
    79. 

  79.     </header>
    80. 

  80.     <main>
    81. 

  81.         <div class="container container-narrow page-top-gap">
    82. 

  82.             <h2>Administration</h2>
    83. 

  83. 

  84.             <?php if ($error): ?>
    85. 

  85.                 <div class="alert alert-error">
    86. 

  86.                     <?php echo htmlspecialchars($error); ?>
    87. 

  87.                 </div>
    88. 

  88.             <?php endif; ?>
    89. 

  89. 

  90.             <form method="POST" class="panel panel-lg">
    91. 

  91.                 <?php echo csrfField(); ?>
    92. 

  92.                 <div class="form-group">
    93. 

  93.                     <label for="username">Benutzername:</label>
    94. 

  94.                     <input type="text" id="username" name="username" required autofocus>
    95. 

  95.                 </div>
    96. 

  96.                 <div class="form-group">
    97. 

  97.                     <label for="password">Passwort:</label>
    98. 

  98.                     <input type="password" id="password" name="password" required>
    99. 

  99.                 </div>
    100. 

  100.                 <button type="submit" class="btn btn-block">Anmelden</button>
    101. 

  101.             </form>
    102. 

  102. 

  103.             <div class="text-center mt-2">
    104. 

  104.                 <a href="<?php echo escape(
    105. 

  105.                     SITE_URL,
    106. 

  106.                 ); ?>/index.php">Zurück zu <?php echo escape(
    107. 

  107.     SITE_SERVICE_NAME,
    108. 

  108. ); ?></a>
    109. 

  109.             </div>
    110. 

  110.         </div>
    111. 

  111.     </main>
    112. 

  112. </body>
    113. 

  113. </html>
    114.