2013-12-27 12:00:45 +01:00
< ? php
2013-12-27 13:25:13 +01:00
session_start ();
2014-01-10 17:02:12 +01:00
if ( isset ( $_POST [ " benutzername " ]) && isset ( $_POST [ " passwort " ])) { // wenn Benutzername eingegeben wurde
2013-12-27 12:00:45 +01:00
require_once " verbindungsaufbau.php " ; //mit Server verbinden
$user = $_POST [ " benutzername " ];
$passwort = $_POST [ " passwort " ];
2014-01-10 17:02:12 +01:00
$salt = " *|!JeFF28S,@Z3Sm5 \1 ? " ; // selber geheimer Zufallszeichenwert wie in registrieren.php
$salted_password = $salt . $passwort ; // wie in registrieren.php
2013-12-27 12:00:45 +01:00
$password_hash = hash ( 'sha256' , $salted_password );
2013-12-29 11:12:38 +01:00
if ( $stmt = $mysqli -> prepare ( " SELECT passwort,user_id,vorname,nachname FROM benutzer WHERE username=? " )) {
2013-12-27 12:00:45 +01:00
$stmt -> bind_param ( " s " , $user );
$stmt -> execute ();
2013-12-29 11:12:38 +01:00
$stmt -> bind_result ( $password_db , $user_id , $vorname , $nachname );
2013-12-27 12:00:45 +01:00
$stmt -> fetch ();
2014-01-10 17:02:12 +01:00
if ( $password_db == $password_hash ) { // wenn die Anmeldung erfolgreich ist, werden Informationen <20> ber den aktuellen Benutzer in die Session geschrieben
2013-12-27 13:25:13 +01:00
$_SESSION [ 'user' ] = $user ;
2013-12-29 11:12:38 +01:00
$_SESSION [ 'user_id' ] = $user_id ;
$_SESSION [ 'vorname' ] = $vorname ;
$_SESSION [ 'nachname' ] = $nachname ;
2013-12-27 12:00:45 +01:00
} else {
echo " falsches Passwort " ;
}
} else {
echo " falscher Benutzername " ;
}
$mysqli -> close ();
}
2014-01-10 17:02:12 +01:00
if ( ! isset ( $_SESSION [ 'user' ])) { // wenn noch nicht angemeldet
2013-12-27 12:00:45 +01:00
?>
<! DOCTYPE html >
< html lang = " de " >
< head >
< meta charset = " utf-8 " />
< title > Login </ title >
< meta name = " author " content = " Lukas " >
2013-12-31 14:53:50 +01:00
< link rel = " stylesheet " href = " style.css " />
< style type = " text/css " >
input {
width : auto ;
}
</ style >
2013-12-27 12:00:45 +01:00
</ head >
< body >
< form action = " login.php " method = " POST " >
2013-12-30 16:29:10 +01:00
< table >
< tr >
< td > Benutzername :</ td >
< td >< input type = " text " name = " benutzername " required autofocus /></ td >
</ tr >
< tr >
< td > Passwort :</ td >
2014-01-10 17:02:12 +01:00
< td >< input type = " password " name = " passwort " required /></ td >
2013-12-30 16:29:10 +01:00
</ tr >
</ table >
< input type = " submit " value = " anmelden " />
2013-12-27 12:00:45 +01:00
</ form >
< ? php
2014-01-10 17:02:12 +01:00
} else { //wenn man erfolgreich angemeldet wurde
2013-12-27 13:25:13 +01:00
echo " Hallo " . $_SESSION [ 'user' ] . " - <a href='./login.php?abmelden=1'>Abmelden</a> " ;
2014-01-10 17:02:12 +01:00
echo " <script>window.opener.parent.location.reload();window.close();</script> " ; // Das Fenster wird geschlossen und das Ursprungsfenster wird neu geladen
2013-12-27 12:00:45 +01:00
}
2014-01-10 17:02:12 +01:00
if ( isset ( $_GET [ " abmelden " ])) { session_destroy ();} // um sich abzumelden an die url ?id=abmelden anh<6E> ngen
2013-12-27 12:00:45 +01:00
?>
</ body >
</ html >