102 lines
3.8 KiB
PHP
Executable File
102 lines
3.8 KiB
PHP
Executable File
<?php
|
||
session_start();
|
||
include('inc/db.php');
|
||
|
||
|
||
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||
$username = $_POST['username'];
|
||
$password = $_POST['password'];
|
||
|
||
// 1. Prepared Statement vorbereiten
|
||
$stmt = mysqli_prepare($conn, "SELECT id, username, password, email, role FROM users WHERE username = ?");
|
||
if ($stmt) {
|
||
mysqli_stmt_bind_param($stmt, "s", $username);
|
||
mysqli_stmt_execute($stmt);
|
||
$result = mysqli_stmt_get_result($stmt);
|
||
$user = mysqli_fetch_assoc($result);
|
||
mysqli_stmt_close($stmt);
|
||
|
||
if ($user && isset($user['role']) && password_verify($password, $user['password'])) {
|
||
// Authentifizierung erfolgreich, Session-Variablen setzen
|
||
$_SESSION['user_id'] = $user['id'];
|
||
$_SESSION['username'] = $username;
|
||
$_SESSION['email'] = $user['email'];
|
||
$_SESSION['role'] = $user['role'];
|
||
|
||
// Token generieren und in der Datenbank speichern
|
||
$token = bin2hex(random_bytes(32));
|
||
$update_stmt = mysqli_prepare($conn, "UPDATE users SET login_token = ? WHERE id = ?");
|
||
if ($update_stmt) {
|
||
mysqli_stmt_bind_param($update_stmt, "si", $token, $user['id']);
|
||
mysqli_stmt_execute($update_stmt);
|
||
mysqli_stmt_close($update_stmt);
|
||
}
|
||
|
||
// Cookies setzen, die 30 Tage gültig sind
|
||
setcookie('auth_token', $token, time() + (86400 * 30), "/");
|
||
setcookie('user_id', $user['id'], time() + (86400 * 30), "/");
|
||
|
||
header("Location: index.php");
|
||
exit();
|
||
} else {
|
||
$error = "Login fehlgeschlagen.";
|
||
}
|
||
} else {
|
||
// Fehler beim Vorbereiten des Statements
|
||
$error = "Datenbankfehler.";
|
||
}
|
||
}
|
||
|
||
?>
|
||
|
||
<!DOCTYPE html>
|
||
<html lang="de">
|
||
|
||
<head>
|
||
<meta charset="UTF-8">
|
||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||
<title>DoMiLi – Login</title>
|
||
<!-- Bootstrap CSS -->
|
||
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
|
||
<!-- Google Fonts Icons -->
|
||
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
|
||
<link href="https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined" rel="stylesheet">
|
||
<!-- Custom styles -->
|
||
<link rel="stylesheet" href="css/style.css">
|
||
</head>
|
||
|
||
<body>
|
||
|
||
<div class="container d-flex justify-content-center align-items-center min-vh-100 py-4">
|
||
<div class="card bg-light shadow w-100" style="max-width: 400px;">
|
||
<div class="card-body">
|
||
<h4 class="card-title text-center mb-4 fs-3">DoMiLi Login</h4>
|
||
|
||
<?php if (isset($error)) {
|
||
?>
|
||
<div class="alert alert-danger" role="alert">
|
||
<?php echo $error; ?>
|
||
</div>
|
||
<?php
|
||
}
|
||
?>
|
||
|
||
<form method="post" action="">
|
||
<div class="mb-3">
|
||
<label for="username" class="form-label">Benutzername</label>
|
||
<input type="text" class="form-control form-control-lg" id="username" name="username" required autofocus>
|
||
</div>
|
||
<div class="mb-3">
|
||
<label for="password" class="form-label">Passwort</label>
|
||
<input type="password" class="form-control form-control-lg" id="password" name="password" required>
|
||
</div>
|
||
<div class="d-grid">
|
||
<button type="submit" class="btn btn-primary btn-lg">Einloggen</button>
|
||
</div>
|
||
</form>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
|
||
|
||
<?php include('inc/footer.php'); ?>
|