View sourcecode

The following files exist in this folder. Click to view.

index.php

68 lines UTF-8 Unix (LF)
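<?php
// Landing page bootstrap: prepares the CSRF token, the one-shot flash message
// and the login state that the HTML template below reads.
//
// NOTE(review): nothing in this file calls session_start(); presumably
// functions.php starts the session before $_SESSION is used. Confirm this,
// otherwise the token and the flash message will not persist between requests.
require_once __DIR__ . '/functions.php';

// Issue a per-session CSRF token on first visit. random_bytes() draws from the
// OS CSPRNG; 32 bytes are hex-encoded to a 64-character token.
// The token only protects the forms if the handlers that receive them
// (login.php, users.php) compare the posted csrf_token against this session
// value, ideally with hash_equals(). Those handlers are not visible here.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Flash messages are one-shot: read the pending message, then clear it so a
// reload does not show it again.
$flash = $_SESSION['flash'] ?? null;
unset($_SESSION['flash']);

// Login state is derived from the session only. $user is the display name and
// is null when no user is stored or the stored record has no 'name' key.
$logged_in = isset($_SESSION['user']);
$user = $_SESSION['user']['name'] ?? null;
?>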
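<?php
// Template: reads $flash, $logged_in and $user set by the bootstrap above, and
// $_SESSION['csrf_token'] for the hidden form fields. Every dynamic value is
// passed through htmlspecialchars() with explicit flags so quoting behaves the
// same in text and attribute context regardless of the PHP version's defaults.
?>
<!doctype html>
<html lang="sv">
<head>
  <meta charset="utf-8">
  <title>Logga in / Registrera</title>
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="style.css">
</head>
<body>

<div class="page-container">

  <h1>Välkommen</h1>

  <?php if ($flash !== null): ?>
    <div class="flash"><?= htmlspecialchars($flash ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
  <?php endif; ?>

  <?php if ($logged_in): ?>
    <div class="card" style="margin-bottom:1rem;">
      <p>Du är inloggad som <strong><?= htmlspecialchars($user ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></strong>.</p>
      <?php
      // NOTE(review): logout is a plain GET link, so any page the user visits
      // can trigger it cross-site. Consider a POST form carrying csrf_token,
      // verified in logout.php (not visible here).
      ?>
      <p><a href="admin.php">Till admin</a> 
       <a href="logout.php">Logga ut</a></p>
    </div>
  <?php endif; ?>

  <div class="card">
    <form method="post" action="login.php" autocomplete="off">
      <h2>Logga in</h2>
      <label>Användarnamn</label>
      <input type="text" name="username" required>
      <label>Lösenord</label>
      <input type="password" name="password" required>
      <?php // The token is hex today, but it is escaped anyway so the attribute stays safe if its format ever changes. ?>
      <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
      <button type="submit">Logga in</button>
    </form>

    <hr>

    <form method="post" action="users.php" autocomplete="off">
      <h2>Skapa konto</h2>
      <label>Användarnamn</label>
      <input type="text" name="username" required>
      <label>Lösenord</label>
      <input type="password" name="password" required>
      <input type="hidden" name="action" value="register">
      <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
      <button type="submit">Registrera</button>
    </form>
  </div>

</div>

</body>
</html>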