diff --git a/auth/ldap.php b/auth/ldap.php
new file mode 100644
index 0000000..bcbbb13
--- /dev/null
+++ b/auth/ldap.php
@@ -0,0 +1,90 @@
+<?php
+// auth/ldap.php
+
+/**
+ * LDAP-authenticatie voor Samba AD.
+ * Retourneert gebruikersinfo bij succes of false bij mislukking.
+ */
+function ldap_authenticate($username, $password)
+{
+    $config = require __DIR__ . '/../config/config.php';
+    $ldap_conf = $config['ldap'];
+
+    if (empty($username) || empty($password)) {
+        return false;
+    }
+
+    // Verbinden met Samba AD LDAP
+    $ldapconn = ldap_connect($ldap_conf['server'], $ldap_conf['port']);
+    if (!$ldapconn) {
+        error_log("LDAP: geen verbinding met {$ldap_conf['server']}");
+        return false;
+    }
+
+    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+
+    // StartTLS indien geconfigureerd
+    if (!empty($ldap_conf['use_tls']) && $ldap_conf['use_tls']) {
+        if (!ldap_start_tls($ldapconn)) {
+            error_log("LDAP: TLS-verbinding mislukt");
+            ldap_close($ldapconn);
+            return false;
+        }
+    }
+
+    // Probeer eerst directe bind via userPrincipalName (AD-stijl)
+    $userPrincipalName = (str_contains($username, '@')) ? $username : "{$username}@de-roo.local";
+    $bind = @ldap_bind($ldapconn, $userPrincipalName, $password);
+
+    // Als directe bind lukt → zoek user info
+    if ($bind) {
+        $filter = "(sAMAccountName={$username})";
+    } else {
+        // Fallback: bind met admin en zoek de DN van gebruiker
+        if (!@ldap_bind($ldapconn, $ldap_conf['admin_user'], $ldap_conf['admin_pass'])) {
+            ldap_unbind($ldapconn);
+            return false;
+        }
+
+        $filter = "(|(sAMAccountName={$username})(userPrincipalName={$userPrincipalName}))";
+    }
+
+    $attrs = ['sAMAccountName', 'givenName', 'sn', 'mail', 'userPrincipalName', 'displayName', 'dn'];
+    $result = ldap_search($ldapconn, $ldap_conf['base_dn'], $filter, $attrs);
+
+    if (!$result) {
+        ldap_unbind($ldapconn);
+        return false;
+    }
+
+    $entries = ldap_get_entries($ldapconn, $result);
+    if ($entries['count'] === 0) {
+        ldap_unbind($ldapconn);
+        return false;
+    }
+
+    $entry = $entries[0];
+
+    // Als we nog niet met de user zelf gebind zijn, doe dat nu
+    if (!$bind) {
+        $user_dn = $entry['dn'];
+        if (!@ldap_bind($ldapconn, $user_dn, $password)) {
+            ldap_unbind($ldapconn);
+            return false;
+        }
+    }
+
+    // Gebruikersinfo samenstellen
+    $userData = [
+        'username'  => $entry['samaccountname'][0] ?? $username,
+        'givenName' => $entry['givenname'][0] ?? '',
+        'sn'        => $entry['sn'][0] ?? '',
+        'email'     => $entry['mail'][0] ?? '',
+        'displayName' => $entry['displayname'][0] ?? ($entry['givenname'][0] ?? '') . ' ' . ($entry['sn'][0] ?? ''),
+        'userPrincipalName' => $entry['userprincipalname'][0] ?? $userPrincipalName
+    ];
+
+    ldap_unbind($ldapconn);
+    return $userData;
+}
diff --git a/config/config.php b/config/config.php
index 5f4dfbd..1c18f01 100644
--- a/config/config.php
+++ b/config/config.php
@@ -1,26 +1,23 @@
 <?php
-return [
-    'ldap' => [
-        'server' => 'ldap://de-roo.org',
-        'base_dn' => 'OU=Gebruikers,OU=deRoo,DC=de-roo,DC=org',
-        'user_dn' => 'OU=Gebruikers,OU=deRoo,DC=de-roo,DC=org'
-    ],
+// config/config.php
 
+return [
     'db' => [
         'host' => 'localhost',
-        'name' => 'lootjesapp',
+        'name' => 'lootjes',
         'user' => 'lootjes',
-        'pass' => 'lootjesIsGek12#'
+        'pass' => 'lootjesIsGek12#',
+        'charset' => 'utf8mb4'
     ],
 
-    // deelnemerslijst (alleen gebruikt bij initialisatie)
-    'deelnemers' => [
-        'monica',
-        'thomas',
-        'emmy',
-        'jozefien'
-    ],
+    'ldap' => [
+        'server'       => 'ldap://de-roo.org',   // of ldaps://... voor SSL
+        'port'         => 389,
+        'base_dn'      => 'DC=de-roo,DC=org',
+        'user_dn'      => 'OU=Gebruikers,OU=deRoo,DC=de-roo,DC=org',
+        'admin_user'   => 'CN=ldap,OU=ServiceAccounts,OU=deRoo,DC=de-roo,DC=org',
+        'admin_pass'   => 'ld@ps3arch',
+        'use_tls'      => false
+    ]
 
-    'admin_users' => ['thomas'] // LDAP-gebruikersnaam van beheerder
 ];
-
diff --git a/data/dp.php b/data/dp.php
new file mode 100644
index 0000000..5357be2
--- /dev/null
+++ b/data/dp.php
@@ -0,0 +1,19 @@
+<?php
+// data/db.php
+
+$config = require __DIR__ . '/../config/config.php';
+$db = $config['db'];
+
+$dsn = "mysql:host={$db['host']};dbname={$db['name']};charset={$db['charset']}";
+
+$options = [
+    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::ATTR_EMULATE_PREPARES   => false,
+];
+
+try {
+    $pdo = new PDO($dsn, $db['user'], $db['pass'], $options);
+} catch (PDOException $e) {
+    die("Databaseverbinding mislukt: " . htmlspecialchars($e->getMessage()));
+}
diff --git a/includes/db.php b/includes/db.php
deleted file mode 100644
index c666123..0000000
--- a/includes/db.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-$config = require __DIR__ . '/../config/config.php';
-
-try {
-    $pdo = new PDO(
-        "mysql:host={$config['db']['host']};dbname={$config['db']['name']};charset=utf8mb4",
-        $config['db']['user'],
-        $config['db']['pass'],
-        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
-    );
-} catch (PDOException $e) {
-    die("Databaseverbinding mislukt: " . $e->getMessage());
-}
-
diff --git a/includes/functions.php b/includes/functions.php
deleted file mode 100644
index 80301bc..0000000
--- a/includes/functions.php
+++ /dev/null
@@ -1,44 +0,0 @@
-<?php
-function startNieuweRonde($pdo)
-{
-    $config = require __DIR__ . '/../config/config.php';
-    $deelnemers = $config['deelnemers'];
-    $getrokken = [];
-
-    $targets = $deelnemers;
-    shuffle($targets);
-
-    // Zorg dat niemand zichzelf krijgt
-    do {
-        shuffle($targets);
-    } while (array_intersect_assoc($deelnemers, $targets));
-
-    foreach ($deelnemers as $i => $trekker) {
-        $getrokken[$trekker] = $targets[$i];
-    }
-
-    // Oude ronde archiveren
-    $archiefBestand = __DIR__ . '/../data/archief/' . date('Ymd_His') . '_lootjes.json';
-    if (file_exists(__DIR__ . '/../data/lootjes.json')) {
-        rename(__DIR__ . '/../data/lootjes.json', $archiefBestand);
-    }
-
-    file_put_contents(__DIR__ . '/../data/lootjes.json', json_encode($getrokken, JSON_PRETTY_PRINT));
-    return $getrokken;
-}
-
-function getLootjeVoor($gebruiker)
-{
-    $path = __DIR__ . '/../data/lootjes.json';
-    if (!file_exists($path)) return null;
-
-    $lootjes = json_decode(file_get_contents($path), true);
-    return $lootjes[$gebruiker] ?? null;
-}
-
-function isAdmin($username)
-{
-    $config = require __DIR__ . '/../config/config.php';
-    return in_array($username, $config['admin_users']);
-}
-
diff --git a/includes/ldap.php b/includes/ldap.php
deleted file mode 100644
index a1d0fe0..0000000
--- a/includes/ldap.php
+++ /dev/null
@@ -1,23 +0,0 @@
-<?php
-function ldap_authenticate($username, $password)
-{
-    $config = require __DIR__ . '/../config/config.php';
-    $ldapconn = ldap_connect($config['ldap']['server']);
-
-    if (!$ldapconn) {
-        return false;
-    }
-
-    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
-    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
-
-    $bind_dn = "uid={$username},{$config['ldap']['user_dn']}";
-
-    if (@ldap_bind($ldapconn, $bind_dn, $password)) {
-        ldap_unbind($ldapconn);
-        return true;
-    }
-
-    return false;
-}
-
diff --git a/public/admin.php b/public/admin.php
deleted file mode 100644
index 2f9e331..0000000
--- a/public/admin.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-session_start();
-require_once __DIR__ . '/../includes/functions.php';
-require_once __DIR__ . '/../includes/db.php';
-
-if (!isset($_SESSION['user']) || !isAdmin($_SESSION['user'])) {
-    header('Location: dashboard.php');
-    exit;
-}
-
-$bericht = '';
-if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['nieuwe_ronde'])) {
-    $lootjes = startNieuweRonde($pdo);
-    $bericht = 'Nieuwe ronde gestart!';
-}
-?>
-<!DOCTYPE html>
-<html>
-<head><title>Beheer</title></head>
-<body>
-<h2>Beheerpagina</h2>
-<?php if ($bericht): ?><p style="color:green"><?= htmlspecialchars($bericht) ?></p><?php endif; ?>
-
-<form method="post">
-    <button type="submit" name="nieuwe_ronde">Start nieuwe lootjes-ronde</button>
-</form>
-
-<p><a href="dashboard.php">Terug</a></p>
-</body>
-</html>
-
diff --git a/public/dashboard.php b/public/dashboard.php
deleted file mode 100644
index ed9cfa9..0000000
--- a/public/dashboard.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<?php
-session_start();
-require_once __DIR__ . '/../includes/functions.php';
-
-if (!isset($_SESSION['user'])) {
-    header('Location: login.php');
-    exit;
-}
-
-$gebruiker = $_SESSION['user'];
-$lootje = getLootjeVoor($gebruiker);
-?>
-<!DOCTYPE html>
-<html>
-<head><title>Dashboard</title></head>
-<body>
-<h2>Welkom, <?= htmlspecialchars($gebruiker) ?></h2>
-
-<?php if ($lootje): ?>
-    <p>Je hebt getrokken: <strong><?= htmlspecialchars($lootje) ?></strong></p>
-<?php else: ?>
-    <p>Er is nog geen ronde gestart.</p>
-<?php endif; ?>
-
-<p><a href="wishlist.php">Mijn verlanglijstje</a></p>
-
-<?php if (isAdmin($gebruiker)): ?>
-    <p><a href="admin.php">Beheerpagina</a></p>
-<?php endif; ?>
-
-<p><a href="logout.php">Uitloggen</a></p>
-</body>
-</html>
-
diff --git a/public/index.php b/public/index.php
deleted file mode 100644
index ecf72be..0000000
--- a/public/index.php
+++ /dev/null
@@ -1,10 +0,0 @@
-<?php
-session_start();
-
-if (isset($_SESSION['user'])) {
-    header('Location: dashboard.php');
-    exit;
-}
-header('Location: login.php');
-exit;
-
diff --git a/public/login.php b/public/login.php
deleted file mode 100644
index dc2f764..0000000
--- a/public/login.php
+++ /dev/null
@@ -1,33 +0,0 @@
-<?php
-session_start();
-require_once __DIR__ . '/../includes/ldap.php';
-
-$error = '';
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $user = $_POST['username'] ?? '';
-    $pass = $_POST['password'] ?? '';
-
-    if (ldap_authenticate($user, $pass)) {
-        $_SESSION['user'] = $user;
-        header('Location: dashboard.php');
-        exit;
-    } else {
-        $error = 'Ongeldige login.';
-    }
-}
-?>
-<!DOCTYPE html>
-<html>
-<head><title>Login</title></head>
-<body>
-<h2>Login</h2>
-<form method="post">
-    <label>Gebruikersnaam: <input type="text" name="username"></label><br>
-    <label>Wachtwoord: <input type="password" name="password"></label><br>
-    <button type="submit">Aanmelden</button>
-</form>
-<p style="color:red"><?= htmlspecialchars($error) ?></p>
-</body>
-</html>
-
diff --git a/public/logout.php b/public/logout.php
deleted file mode 100644
index 27487a8..0000000
--- a/public/logout.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-session_start();
-session_destroy();
-header('Location: login.php');
-exit;
-
diff --git a/public/wishlist.php b/public/wishlist.php
deleted file mode 100644
index 8197eeb..0000000
--- a/public/wishlist.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<?php
-session_start();
-require_once __DIR__ . '/../includes/db.php';
-
-if (!isset($_SESSION['user'])) {
-    header('Location: login.php');
-    exit;
-}
-
-$gebruiker = $_SESSION['user'];
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $wensen = $_POST['wensen'] ?? '';
-    $stmt = $pdo->prepare("REPLACE INTO wishlists (user, wensen) VALUES (?, ?)");
-    $stmt->execute([$gebruiker, $wensen]);
-}
-
-$stmt = $pdo->prepare("SELECT wensen FROM wishlists WHERE user = ?");
-$stmt->execute([$gebruiker]);
-$wensen = $stmt->fetchColumn();
-?>
-<!DOCTYPE html>
-<html>
-<head><title>Verlanglijstje</title></head>
-<body>
-<h2>Mijn verlanglijstje</h2>
-<form method="post">
-    <textarea name="wensen" rows="8" cols="40"><?= htmlspecialchars($wensen ?? '') ?></textarea><br>
-    <button type="submit">Opslaan</button>
-</form>
-<p><a href="dashboard.php">Terug</a></p>
-</body>
-</html>
-
diff --git a/test_ldap.php b/test_ldap.php
new file mode 100644
index 0000000..efda1bb
--- /dev/null
+++ b/test_ldap.php
@@ -0,0 +1,29 @@
+<?php
+require __DIR__ . '/auth/ldap.php';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $username = $_POST['username'] ?? '';
+    $password = $_POST['password'] ?? '';
+
+    $user = ldap_authenticate($username, $password);
+
+    if ($user) {
+        echo "<h3 style='color:green;'>✅ Inloggen geslaagd!</h3>";
+        echo "<ul>";
+        echo "<li>Naam: " . htmlspecialchars($user['displayName']) . "</li>";
+        echo "<li>Voornaam: " . htmlspecialchars($user['givenName']) . "</li>";
+        echo "<li>Achternaam: " . htmlspecialchars($user['sn']) . "</li>";
+        echo "<li>Gebruikersnaam (sAMAccountName): " . htmlspecialchars($user['username']) . "</li>";
+        echo "<li>Email: " . htmlspecialchars($user['email']) . "</li>";
+        echo "<li>UserPrincipalName: " . htmlspecialchars($user['userPrincipalName']) . "</li>";
+        echo "</ul>";
+    } else {
+        echo "<p style='color:red;'>❌ Ongeldige inloggegevens.</p>";
+    }
+}
+?>
+<form method="post">
+    <label>Gebruikersnaam (zonder domein): <input type="text" name="username" required></label><br>
+    <label>Wachtwoord: <input type="password" name="password" required></label><br>
+    <button type="submit">Login</button>
+</form>