login.php
122 lines UTF-8 Windows (CRLF)
<?php
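// Start the session with hardened cookie settings instead of relying on php.ini:
// HttpOnly keeps the session id out of reach of page scripts, SameSite=Lax stops
// it from being sent on cross-site POSTs, and strict mode makes PHP refuse
// session ids it did not issue itself. cookie_samesite needs PHP 7.3 or newer.
// NOTE(review): also set 'cookie_secure' => true once the site is served over
// HTTPS only, and use the same options wherever else session_start() is called.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,
]);

// One-shot error message: a failed attempt stores it in the session and
// redirects back here; read it once and clear it so a reload shows a clean form.
$login_error = null;
if (isset($_SESSION['login_error'])) {
    $login_error = $_SESSION['login_error'];
    unset($_SESSION['login_error']);
}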
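/**
 * Check a username or e-mail address plus password against the users table and,
 * on a match, mark the current session as logged in.
 *
 * On success the function sends a redirect to index.php and terminates the
 * script, so it only ever returns to the caller when the login failed.
 *
 * @param mixed $username Username or e-mail address as submitted by the client.
 * @param mixed $password Plain-text password as submitted by the client.
 * @return false Returned when the input is not a pair of strings or the
 *               credentials do not match.
 * @throws PDOException When the query fails and PDO is in exception mode; the
 *                      caller in this file catches it.
 */
function login($username, $password)
{
    // Request parameters can arrive as arrays (e.g. `username[]=x`). PHP 8 raises
    // a TypeError when password_verify() is handed an array, so reject anything
    // that is not a string before touching the database.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }

    // include runs in this function's scope, so variables assigned by the
    // included file would overwrite same-named parameters. Keep the submitted
    // values in separate locals.
    // NOTE(review): dbconnection.php is not visible here; confirm which
    // variables it defines besides $dbconn.
    $submittedLogin = $username;
    $submittedPassword = $password;

    include('dbconnection.php');
    if (empty($dbconn)) {
        die("Connection failed: Can't connect to database.");
    }

    // Look the account up by username or e-mail. Two distinct placeholders are
    // used because a named marker may only appear once in a statement unless
    // PDO's emulated prepares are on. Only the columns read below are selected.
    $sql = "SELECT user_id, fullname, password, is_admin FROM users"
        . " WHERE username = :username OR email = :email";
    $stmt = $dbconn->prepare($sql);
    $stmt->execute([
        ':username' => $submittedLogin,
        ':email' => $submittedLogin,
    ]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify the password against the stored hash.
    // NOTE(review): for an unknown account this returns without running
    // password_verify(), so response time can differ between existing and
    // non-existing accounts; verifying against a fixed dummy hash would level
    // that out. Nothing in this function throttles repeated attempts either.
    if (!$user || !password_verify($submittedPassword, $user['password'])) {
        return false;
    }

    // Issue a fresh session id and delete the old session so an id known
    // before authentication cannot be reused afterwards (session fixation).
    session_regenerate_id(true);

    // Session flags read by the rest of the application.
    $_SESSION['logged_in'] = 1;
    $_SESSION['is_admin'] = ((int) $user['is_admin'] === 1) ? 1 : 0;
    // Caching the name in the session can go stale if the user's name changes.
    $_SESSION['name'] = $user['fullname'];
    $_SESSION['user_id'] = $user['user_id'];

    header("Location: index.php");
    exit();
}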
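// Pass the submitted credentials to login().
// Request parameters may arrive as arrays (e.g. `username[]=x`), so plain strings
// are required here; the comparison against '' replaces empty() so that a value
// of "0" still counts as submitted.
// NOTE(review): nothing visible here throttles repeated attempts or checks a
// CSRF token on the login POST; confirm whether that is handled elsewhere.
$postedUsername = $_POST['username'] ?? null;
$postedPassword = $_POST['password'] ?? null;
if (
    is_string($postedUsername) && is_string($postedPassword) &&
    $postedUsername !== '' && $postedPassword !== ''
) {
    $username = $postedUsername;
    $password = $postedPassword;
    try {
        // login() redirects and exits on success, so reaching the body of this
        // condition means the credentials were rejected. The message is the same
        // for an unknown account and a wrong password.
        if (!login($username, $password)) {
            $_SESSION['login_error'] = "Felaktigt användarnamn eller lösenord.";
            header("Location: login.php");
            exit();
        }
    } catch (PDOException $e) {
        // SECURITY: log the real error, but never show a stack trace or database
        // error to the user.
        error_log("login error: " . $e->getMessage());
        $_SESSION['login_error'] = "Ett fel uppstod. Försök igen senare.";
        header("Location: login.php");
        exit();
    }
}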
?>
<!DOCTYPE html>
<html lang="sv">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Logga in - Crumbs</title>
<link rel="shortcut icon" href="./icons/cookie_24dp_E3E3E3_FILL0_wght400_GRAD0_opsz24.svg" type="image/svg">
<link rel="stylesheet" href="./style/stylesheet.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Material+Symbols+Rounded:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200&display=swap">
</head>
<body>
<div class="auth-wrapper">
<div class="auth-card">
<!-- Header -->
<div class="auth-header">
<span class="material-symbols-rounded">cookie</span>
<h1>Crumbs</h1>
<p>Skriv in dina uppgifter för att logga in.</p>
</div>
<!-- Print the login error, escaped with htmlspecialchars() before it is written into the page -->
<?php if ($login_error): ?>
<div class="alert alert-error">
<span class="material-symbols-rounded" style="font-size:18px">error</span>
<?= htmlspecialchars($login_error) ?>
</div>
<?php endif; ?>
<!-- Login form; the empty action posts back to this same page -->
<form method="post" action="">
<div class="form-group">
<label for="username">Användarnamn eller e-post</label>
<input type="text" id="username" name="username" maxlength="64" required autocomplete="username" placeholder="namn@exempel.se">
</div>
<div class="form-group">
<label for="password">Lösenord</label>
<!-- maxlength is only a browser-side hint; any length limit must also be enforced on the server -->
<input type="password" id="password" name="password" maxlength="32" required autocomplete="current-password" placeholder="Ange lösenord">
</div>
<div class="actions" style="margin-top: 8px;">
<button type="submit" class="btn" style="flex:1">
<span class="material-symbols-rounded">login</span>
Logga in
</button>
<a href="./register.php" class="btn signup" style="flex:1">
<span class="material-symbols-rounded">person_add</span>
Registrera
</a>
</div>
</form>
</div>
</div>
</body>
</html>