From c82f80fe745c3bd6cffb6664f11e8cabcce087f1 Mon Sep 17 00:00:00 2001
From: marc-go
Date: Tue, 17 Feb 2026 10:01:52 +0100
Subject: [PATCH] Finish login
---
api/login/getcookies.php | 46 ++++++++++++++++++++++++++++++++++++++++
api/setup/setup.php | 4 ----
front/css/login.css | 4 ++++
front/index.php | 4 ++--
front/login.php | 22 ++++++++++++++-----
main.php | 12 ++++++++---
6 files changed, 78 insertions(+), 14 deletions(-)
create mode 100644 api/login/getcookies.php
diff --git a/api/login/getcookies.php b/api/login/getcookies.php
new file mode 100644
index 0000000..ca73ebc
--- /dev/null
+++ b/api/login/getcookies.php
@@ -0,0 +1,46 @@
+getDB();
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ if (!isset($_POST["username"]) || !isset($_POST["passwd"])) {
+ die("Username or Password are missing");
+ }
+
+ $user = $_POST["username"];
+ $passwd = hash("sha256", $_POST["passwd"]);
+
+ $sql = "SELECT username, passwd FROM users WHERE username = :username AND passwd = :passwd";
+ $stmt = $db->prepare($sql);
+ $stmt->execute([
+ ':username' => $user,
+ ':passwd' => $passwd
+ ]);
+
+ $result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if ($result) {
+ $config = $mcServ->getConf();
+
+ $session["session_id"] = $mcServ->generateSessionID();
+ $device_id = rand(1, 999);
+
+ $json[$device_id] = json_encode($session);
+
+ file_put_contents($config["PATH"] . "/tmp/user_sessions/" . $admin_user . ".json", json_encode($json));
+
+ setcookie("session_id", $session["session_id"], time() + 3600, "/");
+ setcookie("device_id", $device_id, time() + 3600, "/");
+ setcookie("username", $user, time() + 3600, "/");
+
+ header("Location: /admin");
+ exit;
+
+ }else{
+ header("Location: /login.php?passwdIsFalse=true");
+ exit;
+ }
+}
+?>
\ No newline at end of file
diff --git a/api/setup/setup.php b/api/setup/setup.php
index a9cba35..eb9a86f 100755
--- a/api/setup/setup.php
+++ b/api/setup/setup.php
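Review bot: In api/login/getcookies.php the password is matched as an unsalted `hash("sha256", $_POST["passwd"])` inside the SQL `WHERE` clause, which leaves the stored hashes cheap to brute-force if the users table ever leaks; select the row by username only and check it with `password_verify($_POST["passwd"], $result["passwd"])`, which assumes the setup code stores `password_hash()` output (that side is not visible here). The session file is written under `$admin_user`, which is not assigned in the visible part of this file (its first lines are lost in this rendering), while `checkLogin()` in main.php reads `$_COOKIE["username"] . ".json"`; `$user` looks like the intended name. `rand(1, 999)` for the device id is predictable, so `random_int(1, 999)` or a longer random token is the safer choice. The three `setcookie()` calls set neither `httponly` nor `samesite`; the options-array form, e.g. `["expires" => time() + 3600, "path" => "/", "httponly" => true, "samesite" => "Lax"]`, covers both.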
@@ -1,10 +1,6 @@ checkConf()) { } if (!$mcServ->checkLogin()) { - /*header("Location: /login.php"); - exit;*/ + header("Location: /login.php"); + exit; }else{ echo "angemeldet"; } diff --git a/front/login.php b/front/login.php index f444e0b..2a241a3 100755 --- a/front/login.php +++ b/front/login.php @@ -1,7 +1,13 @@ @@ -20,10 +26,16 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {

Login

-
-
+ +
Forget Passwort? + Invalid username or password

'; + } + ?> +



diff --git a/main.php b/main.php index 45b0900..4f88634 100755 --- a/main.php +++ b/main.php @@ -29,7 +29,6 @@ class mcServ { public function checkLogin() { if (!isset($_COOKIE["session_id"]) || !isset($_COOKIE["device_id"])) { - echo "Keine Cookies gesetzt"; return false; } @@ -38,20 +37,27 @@ class mcServ { $json = json_decode(file_get_contents($config["PATH"] . "/tmp/user_sessions/" . $_COOKIE["username"] . ".json"), true); if (!isset($json[$_COOKIE["device_id"]])) { - echo "Device ID gibt es nicht im JSON"; return false; } $device = json_decode($json[$_COOKIE["device_id"]], true); if ($device["session_id"] !== $_COOKIE["session_id"]) { - echo "Session IDs stimmen nicht überein"; return false; } return true; } + public function getDB() { + $config = $this->getConf(); + + $db = new PDO("sqlite:" . $config["DB_PATH"]); + $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + + return $db; + } + public function generateSessionID() { $num = rand(1, 999999); $hash = hash("sha256", $num);
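Review bot: `checkLogin()` in main.php builds the session-file path from `$_COOKIE["username"]` without checking that the cookie is set or restricting its characters, so a value containing `../` resolves to a file outside `tmp/user_sessions/`; since this commit starts setting that cookie and index.php now redirects on this check, add `isset($_COOKIE["username"])` to the first guard (in the previous hunk) and reject names that fail something like `preg_match('/^[A-Za-z0-9_-]+$/', $_COOKIE["username"])`. The session id is compared with `!==`; `hash_equals($device["session_id"], $_COOKIE["session_id"])` gives a constant-time comparison once both values are confirmed to be strings. `generateSessionID()`, whose body continues past the end of the hunk, derives the id from `rand(1, 999999)`, which leaves fewer than a million possible values; `bin2hex(random_bytes(32))` removes that limit. The new `getDB()` has no docblock or return type, and `public function getDB(): PDO` with a one-line comment that it opens the SQLite file named by `DB_PATH` would document it.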