Initial commit

public/admin/login.php

@@ -0,0 +1,58 @@
+<?php
+include('auth.php');
+#include('redirect.php');
+/* custom redirect */
+if ($_SESSION["admin"] === true) {
+    header("Location: /admin/index.php");
+    die();
+}
+
+/* Login logic */
+if ((isset($_POST['username'])) && (isset($_POST['password']))) {
+
+    if(anti_spam()){
+        $error = "AntiSpam: Vennligst vent og prøv igjen.";
+    } else {
+        if (($_POST['username'] === $config['username']) && $_POST['password'] === $config['password']) {
+            $_SESSION["admin"] = true;
+            $_SESSION["username"] = $_POST['username'];
+            $_SESSION["password"] = $_POST['password'];
+            header("Location: /admin/index.php");
+            die();
+        } else {
+            $error = "Feil påloggingsinformasjon.";
+        }
+    }
+}
+
+function anti_spam() {
+    $last_time = file_get_contents("../../anti_spam/login.txt");
+    $seconds = time() - $last_time;
+    if($seconds < 10) {
+        return true;
+    } else {
+        file_put_contents("../../anti_spam/login.txt", time());
+        return false;
+    }
+}
+?>
+
+<?php include('../../_header.php'); ?>
+
+<h3>Administrator Login</h3>
+
+<form style="border: 1px solid #888; padding: 10px; border-radius: 2px;" action="" method="post">
+    <?php 
+    if(isset($error)==true) {
+            print("<small style='color: red;'>".$error."</small><br><br>");
+    }
+    ?>
+    <!-- hvem bryr seg om CSRF -->
+    <label for="username">Brukernavn:</label><br>
+    <input type="text" id="username" name="username"><br>
+    <label for="password">Passord:</label><br>
+    <input type="password" id="password" name="password"><br><br>
+    <input type="submit" value="Bekreft">
+</form> 
+
+<?php include('../../_footer.php'); ?>