improvements
This commit is contained in:
parent
312b26ede9
commit
3eea8e912b
75
login.php
75
login.php
@ -1,33 +1,82 @@
|
||||
<?php
|
||||
// login.php
|
||||
|
||||
ini_set('display_errors', 1);
|
||||
ini_set('display_startup_errors', 1);
|
||||
error_reporting(E_ALL); ?>
|
||||
error_reporting(E_ALL);
|
||||
|
||||
session_start();
|
||||
|
||||
<?php include 'header.php'; ?>
|
||||
|
||||
<?php
|
||||
// 1) DB-Verbindung (einmal)
|
||||
$servername = "localhost";
|
||||
$port = 3306;
|
||||
$username = "FSST";
|
||||
$password = "L9wUNZZ9Qkbt";
|
||||
$db = "FSST";
|
||||
|
||||
// Verbindung aufbauen
|
||||
$conn = mysqli_connect($servername, $username, $password, $db, $port);
|
||||
|
||||
if (!$conn)
|
||||
{
|
||||
die("Datenbankfehler"); // kein Echo/Debug im Produktivcode
|
||||
echo "Datenbank Feler";
|
||||
if (!$conn) {
|
||||
http_response_code(500);
|
||||
die("Datenbankfehler");
|
||||
}
|
||||
else {
|
||||
echo "Datenbank erfolgreich";
|
||||
|
||||
// 2) POST-Verarbeitung VOR jeglicher Ausgabe
|
||||
$loginError = null;
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$uname = isset($_POST['uname']) ? $_POST['uname'] : '';
|
||||
$pw = isset($_POST['pw']) ? $_POST['pw'] : '';
|
||||
|
||||
// Basic Validierung
|
||||
if ($uname === '' || $pw === '') {
|
||||
$loginError = "Bitte Username und Passwort eingeben.";
|
||||
} else {
|
||||
// Login ist SELECT, nicht INSERT
|
||||
$stmt = mysqli_prepare($conn, "SELECT id, pw FROM user WHERE un = ?");
|
||||
mysqli_stmt_bind_param($stmt, "s", $uname);
|
||||
mysqli_stmt_execute($stmt);
|
||||
$result = mysqli_stmt_get_result($stmt);
|
||||
|
||||
$user = $result ? mysqli_fetch_assoc($result) : null;
|
||||
|
||||
// Falls du Passwörter gehasht speicherst: password_verify($pw, $user['pw'])
|
||||
// Wenn aktuell Klartext (nicht empfohlen): $pw === $user['pw']
|
||||
if ($user && $pw === $user['pw']) {
|
||||
$_SESSION['user_id'] = (int)$user['id'];
|
||||
$_SESSION['username'] = $uname;
|
||||
|
||||
mysqli_close($conn);
|
||||
header("Location: index.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
$loginError = "Ungültige Zugangsdaten.";
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<body>
|
||||
<h2>Geizhals Login</h2>
|
||||
|
||||
<?php if ($loginError): ?>
|
||||
<p><?php echo htmlspecialchars($loginError, ENT_QUOTES, 'UTF-8'); ?></p>
|
||||
<?php endif; ?>
|
||||
|
||||
<form action="login.php" method="POST">
|
||||
<label for="uname">Username:</label>
|
||||
<input type="text" id="uname" name="uname"><br>
|
||||
<label for="pw">Password:</label>
|
||||
<input type="password" id="pw" name="pw"><br><br>
|
||||
<input type="submit" value="Login">
|
||||
</form>
|
||||
|
||||
<p><a href="register.html">Register</a></p>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
<?php include 'footer.php'; ?>
|
||||
<?php
|
||||
mysqli_close($conn);
|
||||
include 'footer.php';
|
||||
?>
|
||||
13
other/login.html
Normal file
13
other/login.html
Normal file
@ -0,0 +1,13 @@
|
||||
<html>
|
||||
<body>
|
||||
<h2>TestProjekt-Login</h2>
|
||||
<form action="login.php" method="POST">
|
||||
<label for="fname">Username:</label>
|
||||
<input type="text" id="uname" name="uname"><br>
|
||||
<label for="lname">Password:</label>
|
||||
<input type="text" id="pw" name="pw"><br><br>
|
||||
<input type="submit" value="Login">
|
||||
</form>
|
||||
<p><a href="register.html">Register</a></p>
|
||||
</body>
|
||||
</html>
|
||||
Loading…
Reference in New Issue
Block a user