FSST/Geizkragen
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases Wiki Activity
6a426f6902
Geizkragen/login.php
Fabian Schieder 6a426f6902 improvements
2026-01-22 22:05:37 +01:00

85 lines
2.2 KiB
PHP
Raw Blame History

<?php
// login.php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();
// 1) DB-Verbindung (einmal)
$servername = "localhost";
$port = 3306;
$username = "FSST";
$password = "L9wUNZZ9Qkbt";
$db = "FSST";
$conn = mysqli_connect($servername, $username, $password, $db, $port);
if (!$conn) {
http_response_code(500);
die("Datenbankfehler");
}
// 2) POST-Verarbeitung VOR jeglicher Ausgabe
$loginError = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$uname = isset($_POST['uname']) ? $_POST['uname'] : '';
$pw = isset($_POST['pw']) ? $_POST['pw'] : '';
// Basic Validierung
if ($uname === '' || $pw === '') {
$loginError = "Bitte Username und Passwort eingeben.";
} else {
// Login ist SELECT, nicht INSERT
$stmt = mysqli_prepare($conn, "SELECT id, pw FROM user WHERE un = ?");
mysqli_stmt_bind_param($stmt, "s", $uname);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$user = $result ? mysqli_fetch_assoc($result) : null;
// Falls du Passwörter gehasht speicherst: password_verify($pw, $user['pw'])
// Wenn aktuell Klartext (nicht empfohlen): $pw === $user['pw']
if ($user && $pw === $user['pw']) {
$_SESSION['user_id'] = (int)$user['id'];
$_SESSION['username'] = $uname;
mysqli_close($conn);
header("Location: index.php");
exit;
}
$loginError = "Ungültige Zugangsdaten.";
}
}
?>
<?php include 'header.php'; ?>
<!DOCTYPE html>
<html>
<body>
<link rel="stylesheet" href="assets/css/login.css">
<h2>Geizhals Login</h2>
<?php if ($loginError): ?>
<p><?php echo htmlspecialchars($loginError, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
<form action="login.php" method="POST">
<label for="uname">Username:</label>
<input type="text" id="uname" name="uname"><br>
<label for="pw">Password:</label>
<input type="password" id="pw" name="pw"><br><br>
<input type="submit" value="Login">
</form>
<p><a href="register.html">Register</a></p>
</body>
</html>
<?php
mysqli_close($conn);
include 'footer.php';
?>
Reference in New Issue View Git Blame Copy Permalink