107 lines
3.2 KiB
PHP
107 lines
3.2 KiB
PHP
<?php
|
|
// login.php
|
|
|
|
ini_set('display_errors', 1);
|
|
ini_set('display_startup_errors', 1);
|
|
error_reporting(E_ALL);
|
|
|
|
session_start();
|
|
|
|
// 1) DB-Verbindung (einmal)
|
|
$servername = "localhost";
|
|
$port = 3306;
|
|
$username = "FSST";
|
|
$password = "L9wUNZZ9Qkbt";
|
|
$db = "FSST";
|
|
|
|
$conn = mysqli_connect($servername, $username, $password, $db, $port);
|
|
if (!$conn) {
|
|
http_response_code(500);
|
|
die("Datenbankfehler");
|
|
}
|
|
|
|
// 2) POST-Verarbeitung VOR jeglicher Ausgabe
|
|
$loginError = null;
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$uname = isset($_POST['uname']) ? $_POST['uname'] : '';
|
|
$pw = isset($_POST['pw']) ? $_POST['pw'] : '';
|
|
|
|
// Basic Validierung
|
|
if ($uname === '' || $pw === '') {
|
|
$loginError = "Bitte Username und Passwort eingeben.";
|
|
}
|
|
else {
|
|
// Login ist SELECT, nicht INSERT
|
|
$stmt = mysqli_prepare($conn, "SELECT id, pw FROM user WHERE un = ?");
|
|
mysqli_stmt_bind_param($stmt, "s", $uname);
|
|
mysqli_stmt_execute($stmt);
|
|
$result = mysqli_stmt_get_result($stmt);
|
|
|
|
$user = $result ? mysqli_fetch_assoc($result) : null;
|
|
|
|
// Falls du Passwörter gehasht speicherst: password_verify($pw, $user['pw'])
|
|
// Wenn aktuell Klartext (nicht empfohlen): $pw === $user['pw']
|
|
if ($user && $pw === $user['pw']) {
|
|
$_SESSION['user_id'] = (int)$user['id'];
|
|
$_SESSION['username'] = $uname;
|
|
|
|
mysqli_close($conn);
|
|
header("Location: index.php");
|
|
exit;
|
|
}
|
|
|
|
$loginError = "Ungültige Zugangsdaten.";
|
|
}
|
|
}
|
|
?>
|
|
|
|
<?php include 'header.php'; ?>
|
|
|
|
<!-- Hinweis: header.php öffnet bereits <!DOCTYPE html>, <html>, <head> und <body>. -->
|
|
<link rel="stylesheet" href="assets/css/login.css">
|
|
|
|
<main class="auth" role="main">
|
|
<section class="auth__grid" aria-label="Login Bereich">
|
|
<div class="auth__card">
|
|
<header class="auth__header">
|
|
|
|
<h2 class="auth__title">Login</h2>
|
|
</header>
|
|
|
|
<?php if ($loginError): ?>
|
|
<p class="auth__alert" role="alert"><?php echo htmlspecialchars($loginError, ENT_QUOTES, 'UTF-8'); ?></p>
|
|
<?php endif; ?>
|
|
|
|
<form class="auth__form" action="login.php" method="POST" autocomplete="on">
|
|
<div class="auth__field">
|
|
<label for="uname">Username</label>
|
|
<input type="text" id="uname" name="uname" inputmode="text" autocomplete="username" required>
|
|
</div>
|
|
|
|
<div class="auth__field">
|
|
<label for="pw">Passwort</label>
|
|
<input type="password" id="pw" name="pw" autocomplete="current-password" required>
|
|
</div>
|
|
|
|
<div class="auth__actions">
|
|
<input class="auth__submit" type="submit" value="Einloggen">
|
|
</div>
|
|
</form>
|
|
|
|
<div class="auth__links">
|
|
<p class="auth__muted">Neu hier? <a href="other/login.html">Account erstellen</a></p>
|
|
<p class="auth__muted"><a href="index.php">Zurück zur Startseite</a></p>
|
|
</div>
|
|
</div>
|
|
|
|
</section>
|
|
</main>
|
|
|
|
<?php
|
|
mysqli_close($conn);
|
|
include 'footer.php';
|
|
?>
|
|
|
|
<!-- footer.php schließt </body> und </html> -->
|