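<?php
/**
 * Administrator login page.
 *
 * Redirects an already-authenticated admin to /admin/index.php, otherwise
 * checks the posted username/password against $config and renders the
 * login form.
 *
 * NOTE(review): auth.php is presumed to start the session and define
 * $config['username'] / $config['password'] - confirm. The credentials are
 * compared as plaintext, so the configured password is evidently stored in
 * clear; moving to password_hash()/password_verify() needs a config change
 * outside this file.
 */

// require instead of include: if the auth/config bootstrap cannot be loaded,
// stop here rather than render a login page running on undefined state.
require('auth.php');
#include('redirect.php');

/* custom redirect */
// isset() guard: a fresh session has no "admin" key, and reading it directly
// raises an undefined-index warning.
if (isset($_SESSION["admin"]) && $_SESSION["admin"] === true) {
    header("Location: /admin/index.php");
    die();
}

/* Login logic */
if (isset($_POST['username'], $_POST['password'])) {
    if (anti_spam()) {
        $error = "AntiSpam: Vennligst vent og prøv igjen.";
    } else {
        $submittedUser = $_POST['username'];
        $submittedPass = $_POST['password'];

        // A field posted as username[]=... arrives as an array; hash_equals()
        // only accepts strings, so anything else is treated as a failed login.
        $credentialsUsable = is_string($submittedUser)
            && is_string($submittedPass)
            && isset($config['username'], $config['password'])
            && is_string($config['username'])
            && is_string($config['password']);

        // Constant-time comparison, and both fields are always compared so the
        // response time does not reveal which of the two was wrong.
        $userMatches = $credentialsUsable && hash_equals($config['username'], $submittedUser);
        $passMatches = $credentialsUsable && hash_equals($config['password'], $submittedPass);

        if ($userMatches && $passMatches) {
            // Issue a fresh session id on privilege change so an id that was
            // known before login cannot be reused afterwards (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            $_SESSION["admin"] = true;
            $_SESSION["username"] = $submittedUser;
            // NOTE(review): this keeps the plaintext password in session
            // storage. It is left in place because other pages may read it
            // (not visible from here) - confirm and drop it if unused.
            $_SESSION["password"] = $submittedPass;

            header("Location: /admin/index.php");
            die();
        } else {
            $error = "Feil påloggingsinformasjon.";
        }
    }
}

/**
 * Throttle login attempts using a shared timestamp file.
 *
 * Returns true when the attempt must be rejected because fewer than 10
 * seconds have passed since the last accepted attempt. Otherwise records
 * the current time and returns false.
 *
 * NOTE(review): the timestamp is global, not per client, so attempts from
 * any visitor delay everyone, including the real administrator. Consider
 * keying the throttle per client or per account.
 */
function anti_spam()
{
    $stampFile = "../../anti_spam/login.txt";

    // A missing, unreadable, empty or corrupt file counts as "no previous
    // attempt". The raw content is cast explicitly because subtracting a
    // non-numeric string throws a TypeError on PHP 8.
    $raw = is_file($stampFile) ? file_get_contents($stampFile) : false;
    $lastAttempt = ($raw === false) ? 0 : (int) trim($raw);

    $elapsed = time() - $lastAttempt;

    // A timestamp in the future (clock change, hand-edited file) gives a
    // negative value; treating that as "too soon" would block logins forever
    // because the file is only rewritten on an accepted attempt.
    if ($elapsed >= 0 && $elapsed < 10) {
        return true;
    }

    // LOCK_EX keeps concurrent requests from interleaving their writes.
    if (file_put_contents($stampFile, (string) time(), LOCK_EX) === false) {
        // Without a stored timestamp the throttle never engages; make that visible.
        error_log("anti_spam: could not update login throttle timestamp");
    }

    return false;
}
?>
<?php include('../../_header.php'); ?>
<h3>Administrator Login</h3>
<form style="border: 1px solid #888; padding: 10px; border-radius: 2px;" action="" method="post">
<?php
if (isset($error)) {
    // Escaped for defence in depth: the messages are constants today, but the
    // value is written into HTML.
    print("<small style='color: red;'>" . htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</small><br><br>");
}

// NOTE(review): this form carries no CSRF token, so login CSRF is not
// mitigated. The original remark about it was an HTML comment visible to
// every visitor; it now lives server-side. Add a per-session token that is
// checked on POST.
?>
    <label for="username">Brukernavn:</label><br>
    <input type="text" id="username" name="username"><br>
    <label for="password">Passord:</label><br>
    <input type="password" id="password" name="password"><br><br>
    <input type="submit" value="Bekreft">
</form>
<?php include('../../_footer.php'); ?>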