Show sourcecode

The following files exists in this folder. Click to view.

webbserverprogrammering/submissions/projekt-quiz/admin/

admin_login.php
admin_manage_quiz.php
admin_manage_users.php
admin_panel.php
admin_statistics.php
make_admin.php

`admin_login.php`

98 lines UTF-8 Unix (LF)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98


<?php
session_start();
require_once '../includes/db_connect.php';

// PROCESSERING
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    
    $username = trim($_POST['username']);
    $password = $_POST['password'];
    
    $error = '';
    
    if (empty($username) || empty($password)) {
        $error = "Både användarnamn och lösenord måste fyllas i.";
    } else {
        
        // Hämta ENDAST admins (is_admin = 1)
        $stmt = $pdo->prepare("
            SELECT id, name, username, password 
            FROM users 
            WHERE username = :username AND is_admin = 1
        ");
        $stmt->execute([':username' => $username]);
        $admin = $stmt->fetch(PDO::FETCH_ASSOC);
        
        if ($admin && password_verify($password, $admin['password'])) {
            
            // ADMIN-INLOGGNING LYCKADES
            
            // Uppdatera last_login
            $stmt = $pdo->prepare("UPDATE users SET last_login = NOW() WHERE id = :id");
            $stmt->execute([':id' => $admin['id']]);
            
            // Regenerera session ID
            session_regenerate_id(true);
            
            // Spara i SEPARAT admin-session
            $_SESSION['admin_id'] = $admin['id'];
            $_SESSION['admin_username'] = $admin['username'];
            $_SESSION['admin_name'] = $admin['name'];
            $_SESSION['admin_logged_in'] = true;
            
            // Omdirigera till admin-panel
            header("Location: admin_panel.php");
            exit();
            
        } else {
            $error = "Felaktiga admin-uppgifter.";
        }
    }
}

$page_title = 'Admin Login';
require_once '../includes/header.php';
?>
    
    <div class="container">
        <div class="admin-login-box">
            <h1>Admin-inloggning</h1>
            
            <?php if (isset($error)): ?>
                <div class="error-message">
                    <?php echo htmlspecialchars($error); ?>
                </div>
            <?php endif; ?>
            
            <form method="POST" action="admin_login.php">
                <div class="form-group">
                    <label for="username">Admin-användarnamn:</label>
                    <input 
                        type="text" 
                        id="username" 
                        name="username" 
                        required
                    >
                </div>
                
                <div class="form-group">
                    <label for="password">Lösenord:</label>
                    <input 
                        type="password" 
                        id="password" 
                        name="password" 
                        required
                    >
                </div>
                
                <button type="submit" class="btn btn-admin">Logga in som Admin</button>
            </form>
            
            <p class="back-link">
                <a href="../index.php">Tillbaka till startsidan</a>
            </p>
        </div>
    </div>
    
<?php require_once '../includes/footer.php'; ?>