<?php
include('auth.php');
#include('redirect.php');
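/* custom redirect */
// A visitor whose session is already flagged as admin skips the login form.
// isset() is checked first because a first-time visitor has no "admin" key yet;
// reading it directly raises an undefined-key notice/warning, and with
// display_errors enabled that message (including the script path) would be
// printed into the login page.
// NOTE(review): the session is presumably started inside auth.php — confirm.
if (isset($_SESSION["admin"]) && $_SESSION["admin"] === true) {
    header("Location: /admin/index.php");
    die();
}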

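/* Login logic */
// Runs only when both credential fields were posted. On success the session is
// flagged as admin and the browser is redirected; on failure $error is set so
// the form further down can display it.
if (isset($_POST['username'], $_POST['password'])) {

    if (anti_spam()) {
        $error = "AntiSpam: Vennligst vent og prøv igjen.";
    } else {
        $submitted_user = $_POST['username'];
        $submitted_pass = $_POST['password'];

        // NOTE(review): $config is not defined in this file; presumably auth.php
        // provides it — confirm. A missing entry is treated as "no valid login".
        $expected_user = isset($config['username']) ? $config['username'] : null;
        $expected_pass = isset($config['password']) ? $config['password'] : null;

        // Fail closed unless all four values are strings: PHP turns a field sent
        // as "username[]=x" into an array, and hash_equals() accepts strings only.
        $comparable = is_string($submitted_user) && is_string($submitted_pass)
            && is_string($expected_user) && is_string($expected_pass);

        // hash_equals() takes the same time wherever the strings differ, unlike ===.
        // Both checks are always evaluated so a wrong username is not rejected
        // earlier than a wrong password.
        $user_ok = $comparable && hash_equals($expected_user, $submitted_user);
        $pass_ok = $comparable && hash_equals($expected_pass, $submitted_pass);

        if ($user_ok && $pass_ok) {
            // Issue a fresh session id at the privilege change so an id that was
            // known before login stops being valid (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION["admin"] = true;
            $_SESSION["username"] = $submitted_user;
            // NOTE(review): this keeps the plaintext password in session storage.
            // It is retained only because other pages may read it — confirm and
            // remove. The configured password is likewise compared as plaintext;
            // storing a password_hash() value and checking it with
            // password_verify() would avoid holding it in clear at all.
            $_SESSION["password"] = $submitted_pass;
            header("Location: /admin/index.php");
            die();
        } else {
            $error = "Feil påloggingsinformasjon.";
        }
    }
}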

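/**
 * Global login throttle backed by a single timestamp file.
 *
 * Reads the Unix time of the last accepted attempt from the stamp file. When
 * fewer than 10 seconds have passed the attempt is refused; otherwise the
 * current time is written back and the attempt is allowed.
 *
 * A missing, unreadable, empty or non-numeric stamp file counts as "no previous
 * attempt". Before this handling, an empty or corrupted file made the
 * subtraction raise a TypeError on PHP 8, which would have taken the login page
 * down until the file was repaired.
 *
 * NOTE(review): the stamp is shared by every client, not kept per IP or per
 * account, so the 10-second window applies to all visitors together and
 * unrelated requests can keep the legitimate administrator throttled. The read
 * and the write are also two separate steps, so concurrent requests can both
 * pass. A per-client counter with locking would address both.
 *
 * NOTE(review): the relative path is resolved against the process working
 * directory, not against this file — confirm the deployment guarantees that.
 *
 * @return bool true when the attempt must be refused, false when it may proceed
 */
function anti_spam() {
    $stamp_file = "../../anti_spam/login.txt";
    $window_seconds = 10;

    $raw = is_readable($stamp_file) ? file_get_contents($stamp_file) : false;
    $trimmed = ($raw === false) ? '' : trim($raw);
    // Only a numeric stamp is trusted; anything else means "long ago".
    $last_time = is_numeric($trimmed) ? (int) $trimmed : 0;

    $now = time();
    if ($now - $last_time < $window_seconds) {
        return true;
    }

    // LOCK_EX keeps a concurrent reader from seeing a half-written stamp.
    file_put_contents($stamp_file, (string) $now, LOCK_EX);
    return false;
}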
?>

<?php include('../../_header.php'); ?>

<h3>Administrator Login</h3>

<form style="border: 1px solid #888; padding: 10px; border-radius: 2px;" action="" method="post">
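    <?php
    // Show the login error, if the handler above set one. The value is escaped
    // on output so that a message which one day carries request data cannot
    // inject markup into the login page; today's messages are fixed strings
    // without HTML metacharacters.
    // NOTE(review): assumes this file and the page are UTF-8 — confirm against
    // _header.php; with another encoding the non-ASCII letters would be
    // replaced by ENT_SUBSTITUTE.
    if (isset($error)) {
        print("<small style='color: red;'>" . htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</small><br><br>");
    }
    ?>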
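    <?php /* Original comment (Norwegian): "who cares about CSRF". NOTE(review): this form is posted without a CSRF token, so the login handler cannot tell a cross-site submission from one made on this page; a per-session token emitted here and verified by the handler would cover it. Kept as a PHP comment so the note is not served in the HTML. */ ?>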
    <label for="username">Brukernavn:</label><br>
    <input type="text" id="username" name="username"><br>
    <label for="password">Passord:</label><br>
    <input type="password" id="password" name="password"><br><br>
    <input type="submit" value="Bekreft">
</form> 

<?php include('../../_footer.php'); ?>