melder/admin/login.php

<?php
/** *****************************
* Ideenmelder
* Autor: Walter Hupfeld, Hamm
* E-Mail: info@hupfeld-software.de
* Version: 1.0
* Datum: 18.05.2021
* zuletzt bearbeitet: 21.02.2024
******************************** */
// Open (or resume) the PHP session before any output is sent.
session_start();

// District stored in the session by an earlier request; empty string when
// the key is missing or null.
$strDistrict = $_SESSION['district'] ?? "";
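require_once("../config.php");

// $boolLogin stays true until a submitted login attempt is rejected; the
// template further down shows the error banner when it is false.
$boolLogin = true;

if (isset($_POST['login'], $_POST['password'])) {
    // Every path that does not end in the redirect below is a failed attempt.
    $boolLogin = false;

    // Array-valued fields (login[]=...) would make trim() throw on PHP 8,
    // so anything that is not a plain string is treated as a failed login.
    if (is_string($_POST['login']) && is_string($_POST['password'])) {
        $strUser = trim($_POST['login']);
        $strPassword = trim($_POST['password']);

        // The username comes straight from the request, so it is bound as a
        // parameter instead of being concatenated into the SQL text.
        // NOTE(review): $db is created in config.php; the fetch(PDO::FETCH_ASSOC)
        // call suggests it is a PDO handle - confirm.
        $stmtUser = $db->prepare(
            "SELECT username,passwordhash,district,role FROM user WHERE username = ?"
        );
        $stmtUser->execute([$strUser]);
        $row = $stmtUser->fetch(PDO::FETCH_ASSOC);

        if ($row) {
            // A user may log in only for their own district; role "admin" may
            // log in regardless of the district held in the session.
            $boolOk = $strDistrict == $row['district'] || $row['role'] == "admin";

            if (password_verify($strPassword, $row['passwordhash']) && $boolOk) {
                // Issue a fresh session id on privilege change so an id that was
                // known before login cannot be reused afterwards.
                session_regenerate_id(true);

                $_SESSION['user'] = $strUser;
                // uniqid() is derived from the clock and is predictable; the
                // CSRF token has to come from the CSPRNG.
                $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
                $_SESSION['superadmin'] = $row['role'] == "admin";

                $stmtLogin = $db->prepare(
                    "UPDATE `user` SET `lastlogin`= NOW() WHERE `username` = ?"
                );
                $stmtLogin->execute([$strUser]);

                header("Location: index.php");
                // Stop here: without exit the login page would still be
                // rendered and sent along with the redirect.
                exit;
            }
        }
    }
    // NOTE(review): no attempt throttling or lockout is visible in this file;
    // check whether config.php or the web server provides it.
}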
?>
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login</title>
<link rel="stylesheet" href="../css/bootstrap.min.css" />
<link rel="stylesheet" href="../css/style.css" />
</head>
<body>
<!-- Navbar -->
<nav class="navbar navbar-expand-md navbar-dark bg-dark fixed-top">
<a class="navbar-brand" href="#"><?=$strTitle?> <?=$strDistrictTitle?></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbars" aria-controls="navbars" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbars">
<ul class="navbar-nav mr-auto">
<li class="nav-item">
<a class="nav-link" href="../index.php?ref=1">Karte</a>
</li>
<li class="nav-item">
<a class="nav-link" href="../liste.php">Liste</a>
</li>
</ul>
</div>
</nav>
<!-- Ende Navbar -->
<div class="container main" style="margin-top:8em;">
<div class="row">
<div class="col-md-5">
<?php /* Error banner: $boolLogin is set to false only after a submitted
         login was rejected. The same message is shown for an unknown user
         and for a wrong password or district, so the response text does
         not reveal which check failed. */
      if (!$boolLogin): ?>
<div class="alert alert-danger">
<strong>Fehler!</strong> Login nicht erfolgreich!
</div> <br>
<?php endif; ?>
<div class="card">
<div class="card-header">
<h2>Login</h2>
</div>
<div class="card-body">
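<?php /* PHP_SELF includes any extra path info from the request URL, so it
         is request-controlled and must be HTML-escaped before it is placed
         in the action attribute. */ ?>
<form id="login" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>" method="post">
    <div class="form-group">
        <label for="username">Login</label>
        <input type="text" name="login" class="form-control" id="username" placeholder="Nutzername" required>
    </div>
    <div class="form-group">
        <label for="password">Password</label>
        <input type="password" name="password" class="form-control" id="password" placeholder="Passwort" required>
        <?php /* The district check in this file reads the session value, not
                 this posted field; the value is escaped for the attribute
                 context all the same. */ ?>
        <input type="hidden" name="district" value="<?=htmlspecialchars($strDistrict, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>">
    </div>
    <button type="submit" class="btn btn-primary">Absenden</button>
</form>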
</div>
</div>
</div>
</div>
<div style="margin-top:5em;">
<a class="btn btn-primary text-white" href="../index.php?ref=1">zurück</a>
</div>
</div>
</body>
</html>