<?php
/** *****************************
* Ideenmelder
* Autor: Walter Hupfeld, Hamm
* E-Mail: info@hupfeld-software.de
* Version: 1.0
* Datum: 18.05.2021
* zuletzt bearbeitet: 21.02.2024
******************************** */
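// Start the session; the district stored in it (if any) scopes the login.
session_start();
$strDistrict = isset($_SESSION['district']) ? $_SESSION['district'] : "";

require_once("../config.php");
$boolLogin = true;

if (isset($_POST['login']) && isset($_POST['password'])) {
    $strUser = trim($_POST['login']);
    $strPassword = trim($_POST['password']);

    // The username comes straight from the request body, so it is bound as a
    // statement parameter rather than interpolated into the SQL text.
    // NOTE(review): $db is presumably the PDO handle created in config.php
    // (its result is fetched with PDO::FETCH_ASSOC) - confirm.
    $stmtUser = $db->prepare("SELECT username,passwordhash,district,role FROM user WHERE username = ?");
    $stmtUser->execute([$strUser]);
    $row = $stmtUser->fetch(PDO::FETCH_ASSOC);

    $boolAuthenticated = false;
    $boolIsAdmin = false;
    if ($row) {
        // Strict comparisons: a loose == would treat numeric-looking strings
        // such as "1e1" and "10" as the same district.
        $boolIsAdmin = $row['role'] === "admin";
        $boolOk = $boolIsAdmin || (string)$strDistrict === (string)$row['district'];
        $boolAuthenticated = password_verify($strPassword, (string)$row['passwordhash']) && $boolOk;
    }

    if ($boolAuthenticated) {
        // Issue a fresh session id at the privilege change so an id that was
        // fixed before login cannot be reused afterwards.
        session_regenerate_id(true);

        $_SESSION['user'] = $strUser;
        // uniqid() is derived from the clock and is predictable; the CSRF
        // token is drawn from the CSPRNG instead.
        // NOTE(review): assumes consumers only compare the token as an opaque
        // string - confirm nothing depends on the old uniqid() format.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
        $_SESSION['superadmin'] = $boolIsAdmin;

        $stmtLogin = $db->prepare("UPDATE `user` SET `lastlogin`= NOW() WHERE `username` = ?");
        $stmtLogin->execute([$strUser]);

        header("Location: index.php");
        // Stop here: without exit the login page below is still rendered and
        // sent along with the redirect.
        exit;
    }

    // Unknown user, wrong password and wrong district all yield the same
    // generic failure, so the response does not reveal which check failed.
    // NOTE(review): no attempt throttling or lockout is visible in this file.
    $boolLogin = false;
}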
?>
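<?php
// Login page template. Reads $boolLogin and $strDistrict, which are set by the
// PHP block at the top of this file, and $strTitle / $strDistrictTitle.
// NOTE(review): $strTitle and $strDistrictTitle are presumably defined in
// config.php and are echoed without escaping below - confirm they can never
// carry user-controlled text.
?>
<!DOCTYPE html>
<html lang="de">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login</title>
    <link rel="stylesheet" href="../css/bootstrap.min.css" />
    <link rel="stylesheet" href="../css/style.css" />
</head>
<body>

    <!-- Navbar -->
    <nav class="navbar navbar-expand-md navbar-dark bg-dark fixed-top">
        <a class="navbar-brand" href="#"><?=$strTitle?> <?=$strDistrictTitle?></a>
        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbars" aria-controls="navbars" aria-expanded="false" aria-label="Toggle navigation">
            <span class="navbar-toggler-icon"></span>
        </button>
        <div class="collapse navbar-collapse" id="navbars">
            <ul class="navbar-nav mr-auto">
                <li class="nav-item">
                    <a class="nav-link" href="../index.php?ref=1">Karte</a>
                </li>
                <li class="nav-item">
                    <a class="nav-link" href="../liste.php">Liste</a>
                </li>
            </ul>
        </div>
    </nav>
    <!-- Ende Navbar -->

    <div class="container main" style="margin-top:8em;">
        <div class="row">
            <div class="col-md-5">

                <?php if (!$boolLogin): ?>
                <div class="alert alert-danger">
                    <strong>Fehler!</strong> Login nicht erfolgreich!
                </div> <br>
                <?php endif; ?>

                <div class="card">
                    <div class="card-header">
                        <h2>Login</h2>
                    </div>
                    <div class="card-body">
                        <?php
                        // PHP_SELF includes any path info the client appended to the URL,
                        // so it is request-controlled and must be escaped for the
                        // attribute context before it is echoed.
                        ?>
                        <form id="login" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>" method="post">
                            <div class="form-group">
                                <label for="username">Login</label>
                                <input type="text" name="login" class="form-control" id="username" placeholder="Nutzername" required>
                            </div>
                            <div class="form-group">
                                <label for="password">Password</label>
                                <input type="password" name="password" class="form-control" id="password" placeholder="Passwort" required>
                                <?php
                                // The district is escaped for the attribute context. The login
                                // handler in this file takes the district from the session and
                                // does not read this posted field.
                                ?>
                                <input type="hidden" name="district" value="<?=htmlspecialchars((string)$strDistrict, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>">
                            </div>
                            <button type="submit" class="btn btn-primary">Absenden</button>
                        </form>

                    </div>
                </div>
            </div>
        </div>
        <div style="margin-top:5em;">
            <a class="btn btn-primary text-white" href="../index.php?ref=1">zurück</a>
        </div>
    </div>
</body>
</html>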