From 08d5f3c68fc5aadcf2262bf4d1b1ff53910362fd Mon Sep 17 00:00:00 2001
From: Johannes Theiner <j.theiner@live.de>
Date: Fri, 30 Apr 2021 10:16:33 +0200
Subject: [PATCH] funktionierender login/logout

---
 login.php    | 37 +++++++++++++++++++++++++++++++++++--
 logout.php   | 10 ++++++++++
 overview.php |  2 +-
 3 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 logout.php

diff --git a/login.php b/login.php
index 26f2330..e4c5859 100644
--- a/login.php
+++ b/login.php
@@ -2,16 +2,49 @@
 require_once 'general.php';
 
 returnHeader();
+session_start();
 $config = getConfig();
 
-if (isset($_POST['login']) && !empty($_POST['username'])
+if (isset($_POST['user']) && !empty($_POST['user'])
     && !empty($_POST['password'])) {
 
     if ($_POST['user'] == $config['user'] && $_POST['password'] == $config['password']) {
-        $_SESSION['timeout'] = time();
+        $_SESSION['user'] = "Hello World";
+        header('Location: ' . $config['url'] . '/overview.php');
+        die();//https://thedailywtf.com/articles/WellIntentioned-Destruction
+    }
+    else {
+        echo "passwort nicht akzeptiert";
     }
 }
 
+?>
+
+    <div class="container">
+        <div class="columns">
+            <div class="column col-2"></div>
+            <div class="column col-8">
+
+                <form action="" method="post">
+
+                    <div class="form-group">
+                        <label class="form-label" for="user">Benutzer</label>
+                        <input type="text" name="user" id="user" required="required" class="form-input">
+                    </div>
+
+                    <div class="form-group">
+                        <label class="form-label" for="password">Passwort</label>
+                        <input type="password" name="password" id="password" required="required" class="form-input">
+                    </div>
+
+                    <button type="submit" class="btn">Anmelden</button>
+
+                </form>
+        </div>
+    </div>
+
+<?php
+
 returnFooter();
 
 ?>
\ No newline at end of file
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..062e282
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,10 @@
+<?php
+
+require_once 'general.php';
+
+session_start();
+session_unset();
+session_destroy();
+$config = getConfig();
+
+header('Location: ' . $config['url'] . '/');
\ No newline at end of file
diff --git a/overview.php b/overview.php
index dd0806d..08ab947 100644
--- a/overview.php
+++ b/overview.php
@@ -27,7 +27,7 @@ $entries = $statement->fetchAll(PDO::FETCH_ASSOC);
 
                     <div class="md:mt-6 top-0 right-0 absolute">
                         <button class="bg-blue-500 px-2 py-2 text-lg font-semibold tracking-wider text-white rounded hover:bg-blue-600">als CSV exportieren</button>
-                        <button class="bg-blue-500 px-4 py-2 text-lg font-semibold tracking-wider text-white rounded hover:bg-blue-600">ausloggen</button>
+                        <a href="logout.php" class="bg-blue-500 px-4 py-2 text-lg font-semibold tracking-wider text-white rounded hover:bg-blue-600">ausloggen</a>
                     </div>
 
                     <table id="overviewTable" class="display">