cwsvJudo/homepage/machs/login.php

<?php
setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');

	require_once("config.php");
	
	require_once("./local/dbConf.php");
	require_once("./local/achievementsConf.php");

	require_once("./lib/achievementsLib.php");

	$basePath = "/users/cwsvjudo/www";
	require_once($basePath."/config/phpcount.config.php");
	require_once($basePath."/ressourcen/phpLib/phpcount/phpcount.php");


function checkCredentials($username, $password, $db_server, $db_user, $db_password, $db_name){
	$mysqli = @new mysqli($db_server, $db_user, $db_password, $db_name);
	if ($mysqli->connect_error) {
		$message['error'] = 'Datenbankverbindung fehlgeschlagen: ' . $mysqli->connect_error;
	} else {
		$query = sprintf(
			"SELECT id, loginName, pwHash, config FROM wkParticipo_Users WHERE loginName = '%s'",
			$mysqli->real_escape_string($_POST['f']['username'])
		);
		$result = $mysqli->query($query);
		if ($row = $result->fetch_array(MYSQLI_ASSOC)) {
			if( password_verify( $_POST['f']['password'], $row['pwHash']) ){
				session_start();
				$_SESSION = array(
					'login' => true,
					'user'  => array(
						'username'  => $row['loginName'],
						'userId' => $row['id'],
						'userConfig' => json_decode($row['config'], true)
					),
				);
				$message['success'] = 'Anmeldung erfolgreich, <a href="index.php">weiter zum Inhalt</a>.';				
				PHPCount::AddHit("machs-Login ".$_POST['f']['username']);
				header('Location: http://' . $_SERVER['HTTP_HOST'] . '/machs?user=' . $_POST['f']['username']);
			} else {
				sleep(1);
				$message['error'] = 'Das Kennwort ist nicht korrekt.';
			}
		}
	}
return $message;
}


if (isset($_SESSION['login'])) {
	header('Location: http://' . $_SERVER['HTTP_HOST'] . '/index.php');
}
else{
	if (!empty($_POST)) {
		if (
			empty($_POST['f']['username']) ||
			empty($_POST['f']['password'])
		) {
			$message['error'] = 'Es wurden nicht alle Felder ausgefüllt.';
		} else {
			
			$message = checkCredentials($_POST['f']['username'], $_POST['f']['password'], $db_server, $db_user, $db_password, $db_name);
			if( !isset($message['error']) )
				$message['notice'] = "Achievement-System der Judoka des Chemnitzer WSV";
		}
	}
}

?>
<!DOCTYPE html>
<html>
	<head>
		<meta charset="utf-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1.0" />

		<!-- Materialize: Compiled and minified CSS -->
		<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/materialize.min.css">
		<!-- Materialize: Compiled and minified JavaScript -->
		<script src="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/materialize.min.js"></script>

		<title>Login des Achievementsystemes der Judoka des Chemnitzer WSV</title>
		<meta name="description" content="Loginseite des Achievementsystemes der Judoka des CWSV">

	</head>
	<body class="container">
		<h1>Achievementsystem der Judoka des Chemnitzer WSV</h1>
		<?php echo(htmlRetMessage($message));?>
		<form action="./login.php" method="post">
			<fieldset>
				<legend>Benutzerdaten</legend>
				<div>
					<label for="username">Benutzername</label>
					<input  id="username"type="text" name="f[username]" <?php echo isset($_POST['f']['username']) ? ' value="' . htmlspecialchars($_POST['f']['username']) . '"' : '' ?> />
				</div>
				<div>
					<label for="password">Kennnwort</label>
					<input  id="password" type="password" name="f[password]" />
				</div>
			</fieldset>
			<fieldset>
				<div>
					<button type="submit" name="submit" value="Anmelden">Anmelden</button>
				</div>
			</fieldset>
			<fieldset class="notice"><legend>Hinweise</legend>
				<ul style="padding-left: inherit;">
					<li style="list-style-type: circle;" >Logindaten sind über den Übungsleiter zu beantragen.</li>
					<li style="list-style-type: circle;" >Dieses Projekt ist in mehr oder weniger aktiven Entwicklung. Sollte mal was nicht funktionieren, kann es sein, dass ich gerade daran herumschreibe. Also ruhig zu einem späteren Zeitpunkt noch einmal probieren.</li>
				</ul>
			</fieldset>
		</form>
	</body>
</html>