added login
@@ -14,6 +14,7 @@
|
||||
Punktesystem-KSP
|
||||
</div>
|
||||
<nav>
|
||||
<a href="logout.php">logout</a>
|
||||
<a href="index.php">Home</a>
|
||||
<a href="mannschaft.php">Mannschaftsverwaltung</a>
|
||||
<a href="stationen.php">Stationen</a>
|
||||
|
||||
@@ -1,4 +1,13 @@
|
||||
<?php echo file_get_contents("html/header.html"); ?>
|
||||
<?php
|
||||
session_start();
|
||||
include("../scripts/connection.php");
|
||||
include("../scripts/functions.php");
|
||||
|
||||
$user_data = check_login($con);
|
||||
|
||||
echo file_get_contents("html/header.html");
|
||||
?>
|
||||
|
||||
<body>
|
||||
<h1><span>Punktesystem Kreispokalwettbewerb Altdorf</span></h1>
|
||||
<p>test</p>
|
||||
|
||||
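--- a/app/public/login.php
+++ b/app/public/login.php
@@ -0,0 +1,42 @@
+<?php
+session_start();
+include("../scripts/connection.php");
+include("../scripts/functions.php");
+
+if($_SERVER['REQUEST_METHOD'] == "POST"){
+$user_name = $_POST['user_name'];
+$password = $_POST['password'];
+
+if(!empty($user_name) && !empty($password)) {
+$user_data = get_user_data_name($con, $user_name);
+$phash = generate_password_hash($password, $user_data['salt']);
+if($user_data['password'] === $phash) {
+$_SESSION['user_id'] = $user_data['user_id'];
+header("Location: index.php");
+die;
+} else {
+echo "Benutzername oder Passwort stimmen nicht";
+}
+} else {
+echo "Gib bitte gültige Daten ein!";
+}
+}
+?>
+
+<!DOCTYPE html>
+<html lang="de">
+<head>
+<meta charset="UTF-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Punktesystem-KSP</title>
+</head>
+<body>
+<form method="post">
+<input type="text" name="user_name"><br><br>
+<input type="password" name="password"><br><br>
+
+<input id="button" type="submit" value="Login"><br><br>
+</form>
+</body>
+</html>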
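Review bot: The success branch stores `$_SESSION['user_id']` without first issuing a new session id, so an id that was set in the browser before login stays valid after authentication. `get_user_data_name()` returns the result of `fetch()`, which is `false` for an unknown user name, and the following line then indexes `$user_data['salt']` on that value. The hash comparison uses `===` rather than a constant-time compare, and both `$_POST` fields are read without a default, which raises a warning when a field is missing. The fence below shows the POST branch with those four points addressed; messages and redirect are unchanged.

```php
$user_name = $_POST['user_name'] ?? '';
$password = $_POST['password'] ?? '';
// … unchanged: empty() check on both fields …
$user_data = get_user_data_name($con, $user_name);
if ($user_data !== false
    && hash_equals($user_data['password'], generate_password_hash($password, $user_data['salt']))) {
    // New session id on privilege change, so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user_data['user_id'];
    header("Location: index.php");
    die;
} else {
    echo "Benutzername oder Passwort stimmen nicht";
}
```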
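--- a/app/public/logout.php
+++ b/app/public/logout.php
@@ -0,0 +1,9 @@
+<?php
+session_start();
+
+if(isset($_SESSION['user_id'])) {
+unset($_SESSION['user_id']);
+}
+
+header("Location: login.php");
+die;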
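Review bot: Logout only unsets `$_SESSION['user_id']`; the session itself, its id and its cookie stay valid, and anything else stored in the session survives the logout. Clearing and destroying the session before the redirect is the usual form: `$_SESSION = [];` followed by `session_destroy();`. The navigation link added in this commit reaches this script with a plain GET, so a POST form carrying a per-session token would keep other pages from triggering the logout on the user's behalf.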
@@ -1,3 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<?php echo file_get_contents("html/header.html"); ?>
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
include("../scripts/connection.php");
|
||||
include("../scripts/functions.php");
|
||||
$user_data = check_login($con);
|
||||
|
||||
echo file_get_contents("html/header.html");
|
||||
?>
|
||||
<?php echo file_get_contents("html/footer.html"); ?>
|
||||
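Review bot: If `<!DOCTYPE html>` at the top of this section is still line 1 of the new file (the rendering does not show which side that line belongs to), it is sent to the client before `session_start()` and before the `header("Location: login.php")` inside `check_login()`. Without output buffering both calls then fail with a "headers already sent" warning, so the redirect to the login page never happens. The `<?php` block should be the first bytes of the file. The two sections that follow carry the identical change and the same question applies to them.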
@@ -1,3 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<?php echo file_get_contents("html/header.html"); ?>
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
include("../scripts/connection.php");
|
||||
include("../scripts/functions.php");
|
||||
$user_data = check_login($con);
|
||||
|
||||
echo file_get_contents("html/header.html");
|
||||
?>
|
||||
<?php echo file_get_contents("html/footer.html"); ?>
|
||||
@@ -1,3 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<?php echo file_get_contents("html/header.html"); ?>
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
include("../scripts/connection.php");
|
||||
include("../scripts/functions.php");
|
||||
$user_data = check_login($con);
|
||||
|
||||
echo file_get_contents("html/header.html");
|
||||
?>
|
||||
<?php echo file_get_contents("html/footer.html"); ?>
|
||||
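--- a/app/scripts/connection.php
+++ b/app/scripts/connection.php
@@ -0,0 +1,15 @@
+<?php
+
+$dbhost = "mysql";
+$dbuser = "grisu";
+$dbpass = "secret";
+$dbname = "ksp";
+
+try {
+$con = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
+$con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
+$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+} catch(PDOExeption $e) {
+print "Error!: " . $e->getMessage() . "<br/>";
+die();
+}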
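Review bot: The `catch` names `PDOExeption`, which is not the class PDO throws, so this handler never runs and a failed connection surfaces as an uncaught exception; it should read `} catch(PDOException $e) {`. Once the handler does run, `print "Error!: " . $e->getMessage()` sends the driver message to the browser; `error_log($e->getMessage());` plus a generic message to the user keeps host and schema details out of the page. The database user and password are string literals in a file under version control, and reading them from the environment or from a config file outside the repository would keep them out of the history.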
@@ -1,5 +1,10 @@
|
||||
<?php
|
||||
|
||||
function handle_pdo_exception($e) {
|
||||
print "Error!: " . $e->getMessage() . "<br/>";
|
||||
die();
|
||||
}
|
||||
|
||||
function get_Station() {
|
||||
try {
|
||||
$dbh = new PDO('mysql:host=mysql;dbname=ksp', 'grisu', 'secret');
|
||||
@@ -8,9 +13,53 @@ function get_Station() {
|
||||
}
|
||||
$dbh = null;
|
||||
} catch(PDOException $e) {
|
||||
print "Error!: " . $e->getMessage() . "<br/>";
|
||||
die();
|
||||
handle_pdo_exception($e);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
function check_user_id($con, $user_id) {
|
||||
try {
|
||||
$stmt = $con->prepare('SELECT user_id FROM users WHERE user_id = :user_id limit 1');
|
||||
$stmt->execute(['user_id' => $user_id]);
|
||||
|
||||
if($stmt) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
} catch(PDOException $e) {
|
||||
handle_pdo_exception($e);
|
||||
}
|
||||
}
|
||||
|
||||
function get_user_data_name($con, $user_name) {
|
||||
try {
|
||||
$stmt = $con->prepare('SELECT * FROM users WHERE user_name = :user_name limit 1');
|
||||
$stmt->execute(['user_name' => $user_name]);
|
||||
$stmt->setFetchMode(PDO::FETCH_ASSOC);
|
||||
return $stmt->fetch();
|
||||
} catch(PDOException $e) {
|
||||
handle_pdo_exception($e);
|
||||
}
|
||||
}
|
||||
|
||||
function get_user_data_id($con, $user_id) {
|
||||
try {
|
||||
$stmt = $con->prepare('SELECT * FROM users WHERE user_id = :user_id limit 1');
|
||||
$stmt->execute(['user_id' => $user_id]);
|
||||
$stmt->setFetchMode(PDO::FETCH_ASSOC);
|
||||
return $stmt->fetch();
|
||||
} catch(PDOException $e) {
|
||||
handle_pdo_exception($e);
|
||||
}
|
||||
}
|
||||
|
||||
function add_user($con, $username, $user_id, $user_group, $password, $salt) {
|
||||
try {
|
||||
$stmt = $con->prepare("INSERT INTO users (user_id, password, user_name, salt, user_group) VALUES (?, ?, ?, ?, ?)");
|
||||
$stmt->bind_param("sssss", $user_id, $password, $username, $salt, $user_group);
|
||||
$stmt->execute();
|
||||
} catch(PDOExeption $e) {
|
||||
handle_pdo_exception($e);
|
||||
}
|
||||
}
|
||||
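Review bot: `check_user_id()` returns `true` for every id, because `if($stmt)` tests the statement object, which is always truthy once `prepare()` has succeeded, and never looks at the result row; `return $stmt->fetch() !== false;` after `execute()` makes it reflect whether the user exists. In `add_user()`, `bind_param()` is a mysqli method and, assuming `$con` is the PDO handle from connection.php, does not exist on the statement, so the call is a fatal error; `$stmt->execute([$user_id, $password, $username, $salt, $user_group]);` does the binding in PDO. The `catch` in `add_user()` also names `PDOExeption` instead of `PDOException` and therefore never matches. `handle_pdo_exception()` prints the driver message into the page, and logging it server-side would avoid exposing query and schema details.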
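--- a/app/scripts/functions.php
+++ b/app/scripts/functions.php
@@ -0,0 +1,34 @@
+<?php
+
+include("database_queries.php");
+
+function check_login($con) {
+
+if(isset($_SESSION['user_id'])) {
+
+$id = $_SESSION['user_id'];
+if(check_user_id($con, $id)) {
+return get_user_data_id($con, $id);
+} else {
+header("Location: login.php");
+die;
+}
+} else {
+header("Location: login.php");
+die;
+}
+}
+
+function generate_salt() {
+return substr(bin2hex(random_bytes(128)), 0, 128);
+}
+
+function generate_user_id($username, $salt) {
+$uname = $username . $salt;
+return hash('sha3-512', $uname);
+}
+
+function generate_password_hash($password, $salt) {
+$pword = $password . $salt;
+return hash('sha3-512', $pword);
+}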
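Review bot: `generate_password_hash()` stores a single, unstretched SHA3-512 of password plus salt, which is fast to compute and therefore cheap to guess against if the users table is ever disclosed. `return password_hash($password, PASSWORD_DEFAULT);` with `password_verify($password, $user_data['password'])` at login is the standard replacement and manages the salt itself; that change also touches the comparison in login.php and the `salt` column. In `generate_salt()`, `random_bytes(128)` yields 256 hex characters of which `substr` discards half, so `bin2hex(random_bytes(64))` gives the same 128-character result. `check_login()` returns the full `SELECT *` row, so every page that calls it holds the stored hash and salt in `$user_data`.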