Borgal/domili
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Borgal
2025-08-08 22:15:51 +02:00
commit 03fde990ca
10 changed files with 386 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
admin_users.php Executable file
View File

@@ -0,0 +1,79 @@
<?php
include('inc/check_login.php');
require_once('inc/db.php');
// Zugriff nur für eingeloggte Admins
if ($_SESSION['role'] !== 'admin') {
die("Zugriff nur für Admins");
}
// Datenbankverbindung einbinden
// Benutzer hinzufügen
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['username'], $_POST['password'], $_POST['role'])) {
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$role = $_POST['role'] === 'admin' ? 'admin' : 'member';
$sql = "INSERT INTO users (username, password, role) VALUES ('$username', '$password', '$role')";
if (mysqli_query($conn, $sql)) {
$message = "Benutzer erfolgreich hinzugefügt.";
} else {
$message = "Fehler beim Hinzufügen: " . mysqli_error($conn);
}
}
// Benutzerübersicht abrufen
$users = [];
$result = mysqli_query($conn, "SELECT id, username, role FROM users ORDER BY username ASC");
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$users[] = $row;
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Benutzerverwaltung</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<h1>Benutzerverwaltung</h1>
<?php if (isset($message)) echo "<p><strong>$message</strong></p>"; ?>
<form method="post">
<label>Benutzername: <input type="text" name="username" required></label><br>
<label>Passwort: <input type="password" name="password" required></label><br>
<label>Rolle:
<select name="role">
<option value="member">Mitglied</option>
<option value="admin">Admin</option>
</select>
</label><br>
<button type="submit">Benutzer hinzufügen</button>
</form>
<h2>Benutzerübersicht</h2>
<table border="1" cellpadding="5">
<tr>
<th>ID</th>
<th>Benutzername</th>
<th>Rolle</th>
</tr>
<?php foreach ($users as $user): ?>
<tr>
<td><?= htmlspecialchars($user['id']) ?></td>
<td><?= htmlspecialchars($user['username']) ?></td>
<td><?= htmlspecialchars($user['role']) ?></td>
</tr>
<?php endforeach; ?>
</table>
<?php include('inc/footer.php'); ?>

3
css/style.css Executable file
View File

@@ -0,0 +1,3 @@
body {
background-color: #e6e6e6ff;
}

50
inc/check_login.php Executable file
View File

@@ -0,0 +1,50 @@
<?php
session_start();
include('inc/db.php');
// Funktion zum Löschen von Cookies und Weiterleiten zum Login
function redirect_to_login()
{
setcookie('auth_token', '', time() - 3600, "/");
setcookie('user_id', '', time() - 3600, "/");
$_SESSION = array();
session_destroy();
header("Location: login.php");
exit;
}
// 1. Prüfen, ob bereits eine Session existiert
if (isset($_SESSION['user_id'])) {
return; // Benutzer ist bereits per Session angemeldet.
}
// 2. Ansonsten: Prüfen, ob Cookies vorhanden sind
if (isset($_COOKIE['auth_token']) && isset($_COOKIE['user_id'])) {
$cookie_token = $_COOKIE['auth_token'];
$cookie_user_id = $_COOKIE['user_id'];
// Datenbank-Abfrage, um den Token und die vollständigen Benutzerdaten zu erhalten
$stmt = mysqli_prepare($conn, "SELECT id, login_token, username, role FROM users WHERE id = ?");
if ($stmt) {
mysqli_stmt_bind_param($stmt, "i", $cookie_user_id);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$user = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
// 3. Tokens vergleichen
if ($user && $cookie_token === $user['login_token']) {
// Tokens stimmen überein, Benutzer per Cookie authentifizieren
// Jetzt die Benutzerdaten in die Session laden
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role'];
return; // Authentifizierung per Cookie erfolgreich, Skript fortsetzen
}
}
}
// Wenn weder Session noch gültiger Cookie gefunden wurde
redirect_to_login();

10
inc/db.php Executable file
View File

@@ -0,0 +1,10 @@
<?php
include('inc/secure.php');
// Verbindung herstellen
$conn = mysqli_connect($host, $user, $password, $dbname);
// Verbindung prüfen
if (!$conn) {
die("Verbindung zur Datenbank fehlgeschlagen: " . mysqli_connect_error());
}

5
inc/footer.php Executable file
View File

@@ -0,0 +1,5 @@
<!-- Bootstrap JS Bundle -->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>

22
inc/head.php Executable file
View File

@@ -0,0 +1,22 @@
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>DoMiLi Farbe der Woche</title>
<!-- Bootstrap-->
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<!-- Font Google-->
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined" rel="stylesheet">
<!-- Custom styles -->
<link rel="stylesheet" href="css/style.css">
</head>
<!-- Farbe über Bootstrap festlegen mit Transparent -->
<!-- <body class="bg-info bg-opacity-10"> -->
<body>
<? include('inc/menu.php') ?>

53
inc/menu.php Executable file
View File

@@ -0,0 +1,53 @@
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container-fluid">
<a class="navbar-brand d-flex" href="#">DoMiLi</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav">
<li class="nav-item">
<a class="nav-link d-flex active" aria-current="page" href="#"><span class="material-icons md-18 me-1">home</span>Dashboard</a>
</li>
<li class="nav-item">
<a class="nav-link d-flex" href="#"><span class="material-icons md-18 me-1">calendar_month</span>Termine</a>
</li>
<li class="nav-item">
<a class="nav-link d-flex" href="#"><span class="material-icons md-18 me-1">bar_chart</span>Auswertung</a>
</li>
<li class="nav-item">
<a class="nav-link d-flex" href="#"><span class="material-icons md-18 me-1">message</span>Kontakt</a>
</li>
<?php
if (isset($_SESSION['role']) && $_SESSION['role'] == 'admin') {
?>
<li class="nav-item dropdown">
<a class="nav-link d-flex align-items-center dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown"><span class="material-icons md-18 me-1">admin_panel_settings</span>Admin</a>
<ul class="dropdown-menu">
<li><a class="dropdown-item" href="admin_color.php">Farben</a></li>
<li><a class="dropdown-item" href="admin_date.php">Termine</a></li>
<li><a class="dropdown-item" href="admin_users.php">Benutzer</a></li>
</ul>
</li>
<?php
}
?>
</ul>
<ul class="navbar-nav ms-auto">
<li><a class="dropdown-item" href="#"><span class="material-icons align-baseline md-18 me-1">help</span></a></li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown"><span class="material-symbols-outlined align-text-bottom md-18 me-1">person</span><?php echo $_SESSION['username']; ?></a>
<ul class="dropdown-menu dropdown-menu-end">
<li><a class="dropdown-item" href="profil.php"><span class="material-icons text-secondary align-middle md-18 me-1">person</span>Profil</a></li>
<li><a class="dropdown-item" href="pass_change.php"><span class="material-icons text-secondary align-middle md-18 me-1">lock</span>Passwort ändern</a></li>
<li>
<div class="dropdown-divider"></div>
</li>
<li><a class="dropdown-item" href="logout.php"><span class="material-icons align-middle md-18 me-1">logout</span>Log Out</a></li>
</ul>
</li>
</ul>
</div>
</div>
</nav>

46
index.php Executable file
View File

@@ -0,0 +1,46 @@
<?php
include('inc/check_login.php');
include('inc/db.php');
include('inc/head.php');
// Aktuelle Kalenderwoche berechnen
$current_week = date('W');
// SQL-Abfrage mit JOIN zwischen meetings und colors
$sql = "SELECT * FROM meetings
JOIN colors ON meetings.color_id = colors.id
WHERE WEEK(meeting_date, 1) = $current_week
ORDER BY meeting_date DESC LIMIT 1";
$result = mysqli_query($conn, $sql);
if (!$result) {
die("Fehler in der SQL-Abfrage: " . mysqli_error($conn));
}
$row = mysqli_fetch_assoc($result);
?>
<div class="container py-5">
<div class="text-center mb-5">
<h1 class="display-4 fw-bold">DoMiLi</h1>
<p class="lead">Farbe der Kalenderwoche <strong><?= $current_week ?></strong></p>
</div>
<?php if ($row): ?>
<div class="card mx-auto bg-light shadow" style="max-width: 300px;">
<div class="card-body text-center">
<h5 class="card-title mb-3">Farbe der Woche</h5>
<div class="rounded mb-3 mx-auto" style="width: min(100px, 25vw); height: min(100px, 25vw); background-color: <?= htmlspecialchars($row['hex_code']) ?>;"></div>
<p class="fs-5 fw-semibold"><?= htmlspecialchars($row['name']) ?></p>
<p class="text-muted">Datum: <?= date('d.m.Y', strtotime($row['meeting_date'])) ?></p>
</div>
</div>
<?php else: ?>
<div class="alert alert-warning text-center">
Keine Farbe für diese Woche festgelegt.
</div>
<?php endif; ?>
</div>
<?php include('inc/footer.php'); ?>

101
login.php Executable file
View File

@@ -0,0 +1,101 @@
<?php
session_start();
include('inc/db.php');
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST['username'];
$password = $_POST['password'];
// 1. Prepared Statement vorbereiten
$stmt = mysqli_prepare($conn, "SELECT id, username, password, role FROM users WHERE username = ?");
if ($stmt) {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$user = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
if ($user && isset($user['role']) && password_verify($password, $user['password'])) {
// Authentifizierung erfolgreich, Session-Variablen setzen
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $username;
$_SESSION['role'] = $user['role'];
// Token generieren und in der Datenbank speichern
$token = bin2hex(random_bytes(32));
$update_stmt = mysqli_prepare($conn, "UPDATE users SET login_token = ? WHERE id = ?");
if ($update_stmt) {
mysqli_stmt_bind_param($update_stmt, "si", $token, $user['id']);
mysqli_stmt_execute($update_stmt);
mysqli_stmt_close($update_stmt);
}
// Cookies setzen, die 30 Tage gültig sind
setcookie('auth_token', $token, time() + (86400 * 30), "/");
setcookie('user_id', $user['id'], time() + (86400 * 30), "/");
header("Location: index.php");
exit();
} else {
$error = "Login fehlgeschlagen.";
}
} else {
// Fehler beim Vorbereiten des Statements
$error = "Datenbankfehler.";
}
}
?>
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>DoMiLi Login</title>
<!-- Bootstrap CSS -->
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<!-- Google Fonts Icons -->
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined" rel="stylesheet">
<!-- Custom styles -->
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="container d-flex justify-content-center align-items-center min-vh-100 py-4">
<div class="card bg-light shadow w-100" style="max-width: 400px;">
<div class="card-body">
<h4 class="card-title text-center mb-4 fs-3">DoMiLi Login</h4>
<?php if (isset($error)) {
?>
<div class="alert alert-danger" role="alert">
<?php echo $error; ?>
</div>
<?php
}
?>
<form method="post" action="">
<div class="mb-3">
<label for="username" class="form-label">Benutzername</label>
<input type="text" class="form-control form-control-lg" id="username" name="username" required autofocus>
</div>
<div class="mb-3">
<label for="password" class="form-label">Passwort</label>
<input type="password" class="form-control form-control-lg" id="password" name="password" required>
</div>
<div class="d-grid">
<button type="submit" class="btn btn-primary btn-lg">Einloggen</button>
</div>
</form>
</div>
</div>
</div>
<?php include('inc/footer.php'); ?>

17
logout.php Executable file
View File

@@ -0,0 +1,17 @@
<?php
session_start(); // Session starten, bevor man sie zerstört
// Alle Session-Daten löschen
$_SESSION = array();
// Cookies löschen, indem ihr Verfallsdatum in die Vergangenheit gesetzt wird
setcookie('auth_token', '', time() - 3600, "/");
setcookie('user_id', '', time() - 3600, "/");
// Session zerstören
session_destroy();
// Weiterleitung zur Login-Seite
header("Location: login.php");
exit;