Webbserverprogrammering 1


login.php

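<?php
/**
 * Login page: checks a submitted username/password against the `users`
 * table and, on success, records the login time, rotates the session ID,
 * stores the user's identity in the session and redirects to dashboard.php.
 *
 * $pdo is used below without being defined in this file; it is presumably
 * created by includes/db_connect.php (confirm).
 */

// NOTE(review): no session cookie flags (HttpOnly, SameSite, Secure) are set
// in this file. If php.ini does not set them, configure them in one shared
// place that runs before every session_start().
session_start();
require_once 'includes/db_connect.php';

// Form processing (only when the form has been submitted)
if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    // Accept only string fields. A request can omit a field or send it as an
    // array (username[]=x); passing that to trim() or password_verify() raises
    // a notice or, on PHP 8, an uncaught TypeError. Anything else is treated
    // as "not filled in".
    $username = (isset($_POST['username']) && is_string($_POST['username']))
        ? trim($_POST['username'])
        : '';
    $password = (isset($_POST['password']) && is_string($_POST['password']))
        ? $_POST['password']
        : '';

    $error = '';

    // Validation. Compared against '' rather than empty(), because empty()
    // also rejects the literal string "0" as a username or password.
    if ($username === '' || $password === '') {
        $error = "Både användarnamn och lösenord måste fyllas i.";
    } else {

        // Fetch the user from the database (bound parameter, no interpolation)
        $stmt = $pdo->prepare("
            SELECT id, name, username, password, is_admin
            FROM users
            WHERE username = :username
        ");
        $stmt->execute([':username' => $username]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!$user) {
            // Unknown username: spend roughly the time a real verification
            // would take, so response time does not reveal which usernames
            // exist. A fixed input is hashed (not the submitted password) and
            // the result is discarded.
            // NOTE(review): assumes stored hashes were created with
            // PASSWORD_DEFAULT at the default cost; confirm in register.php.
            password_hash('timing-equaliser-placeholder', PASSWORD_DEFAULT);
        }

        // Check the password against the stored hash
        if ($user && password_verify($password, $user['password'])) {

            // LOGIN SUCCEEDED

            // Update the last-login timestamp
            $stmt = $pdo->prepare("
                UPDATE users
                SET last_login = NOW()
                WHERE id = :id
            ");
            $stmt->execute([':id' => $user['id']]);

            // Issue a new session ID and delete the old session, so an ID
            // known before login cannot be reused afterwards (session fixation)
            session_regenerate_id(true);

            // Store the identity in the session.
            // NOTE(review): is_admin is selected above but not stored here;
            // admin pages presumably re-check it against the database (confirm).
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
            $_SESSION['name'] = $user['name'];
            $_SESSION['logged_in'] = true;

            // Redirect to the dashboard; exit() stops the form from rendering
            header("Location: dashboard.php");
            exit();

        } else {
            // Same message for an unknown user and a wrong password.
            // NOTE(review): failed attempts are neither counted nor throttled
            // in this file, so repeated guessing is not slowed down here.
            $error = "Felaktigt användarnamn eller lösenord.";
        }
    }
}

$page_title = 'Logga in';
require_once 'includes/header.php';
?>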
    
    <div class="container">
        <div class="login-box">
            <h1>Logga in</h1>
            
            <?php if (isset($error)): ?>
                <div class="error-message">
                    <?php echo htmlspecialchars($error); ?>
                </div>
            <?php endif; ?>
            
            <form method="POST" action="login.php">
                <div class="form-group">
                    <label for="username">Användarnamn:</label>
                    <input 
                        type="text" 
                        id="username" 
                        name="username" 
                        value="<?php echo isset($_POST['username']) ? htmlspecialchars($_POST['username']) : ''?>"
                        required
                    >
                </div>
                
                <div class="form-group">
                    <label for="password">Lösenord:</label>
                    <input 
                        type="password" 
                        id="password" 
                        name="password" 
                        required
                    >
                </div>
                
                <button type="submit" class="btn btn-primary">Logga in</button>
            </form>
            
            <p class="register-link">
                Inget konto? <a href="register.php">Registrera dig här</a>
            </p>
        </div>
    </div>
    
<?php require_once 'includes/footer.php'?>