Inital

zeiterfassung/login.php

@@ -0,0 +1,77 @@
+<?php 
+session_start();
+
+require_once("inc/config.inc.php");
+require_once("inc/functions.inc.php");
+
+$error_msg = "";
+if(isset($_POST['email']) && isset($_POST['passwort'])) {
+	$email = $_POST['email'];
+	$passwort = $_POST['passwort'];
+
+	$statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
+	$result = $statement->execute(array('email' => $email));
+	$user = $statement->fetch();
+
+	//Überprüfung des Passworts
+	if ($user !== false && password_verify($passwort, $user['passwort'])) {
+		$_SESSION['userid'] = $user['id'];
+
+		//Möchte der Nutzer angemeldet beleiben?
+		if(isset($_POST['angemeldet_bleiben'])) {
+			$identifier = random_string();
+			$securitytoken = random_string();
+				
+			$insert = $pdo->prepare("INSERT INTO securitytokens (user_id, identifier, securitytoken) VALUES (:user_id, :identifier, :securitytoken)");
+			$insert->execute(array('user_id' => $user['id'], 'identifier' => $identifier, 'securitytoken' => sha1($securitytoken)));
+			setcookie("identifier",$identifier,time()+(3600*24*365)); //Valid for 1 year
+			#$_COOKIE['identifier'] = $identifier;
+			setcookie("securitytoken",$securitytoken,time()+(3600*24*365)); //Valid for 1 year
+			#$_COOKIE['securitytoken'] = $securitytoken;
+			
+		}
+		
+		echo "<script>window.location.href='index.php';</script>";
+		//header("location: index.php");
+		exit;
+	} else {
+		$error_msg =  "E-Mail oder Passwort war ungültig<br><br>";
+	}
+
+}
+
+$email_value = "";
+if(isset($_POST['email']))
+	$email_value = htmlentities($_POST['email']); 
+
+include("templates/header.inc.php");
+?>
+ <div class="container small-container-330 form-signin">
+  <form action="login.php" method="post">
+	<h2 class="form-signin-heading">Login</h2>
+	
+<?php 
+if(isset($error_msg) && !empty($error_msg)) {
+	echo $error_msg;
+}
+?>
+	<label for="inputEmail" class="sr-only">E-Mail</label>
+	<input type="email" name="email" id="inputEmail" class="form-control" placeholder="E-Mail" value="<?php echo $email_value; ?>" required autofocus>
+	<label for="inputPassword" class="sr-only">Passwort</label>
+	<input type="password" name="passwort" id="inputPassword" class="form-control" placeholder="Passwort" required>
+	<div class="checkbox">
+	  <label>
+		<input type="checkbox" value="remember-me" name="angemeldet_bleiben" value="1" checked> Angemeldet bleiben
+	  </label>
+	</div>
+	<button class="btn btn-lg btn-primary btn-block" type="submit">Login</button>
+	<br>
+	<a href="passwortvergessen.php">Passwort vergessen</a>
+  </form>
+
+</div> <!-- /container -->
+ 
+
+<?php 
+include("templates/footer.inc.php")
+?>