login

2025-11-12 14:54:59 +01:00
parent 3ac6f07662
commit dbb48b07f4
5 changed files with 56 additions and 57 deletions
--- a/admin.php
+++ b/admin.php
@@ -1,3 +1,13 @@
+<?php
+session_start();
+
+if (!isset($_SESSION['user'])) {
+    $redirect = urlencode($_SERVER['REQUEST_URI']);
+    header("Location: login.php?redirect=$redirect");
+    exit;
+}
+?>
+
 <?php
 session_start();
 require __DIR__ . '/data/db.php';
--- a/index.php
+++ b/index.php
@@ -1,3 +1,14 @@
+<?php
+session_start();
+
+if (!isset($_SESSION['user'])) {
+    $redirect = urlencode($_SERVER['REQUEST_URI']);
+    header("Location: login.php?redirect=$redirect");
+    exit;
+}
+?>
+
+
 <?php
 session_start();
 require __DIR__ . '/data/db.php';
--- a/login.php
+++ b/login.php
@@ -1,11 +1,14 @@
 <?php
-session_start(); // start de sessie
+session_start();

 require __DIR__ . '/auth/ldap.php';
 require __DIR__ . '/data/db.php';
 require __DIR__ . '/functions/logging.php';
 require __DIR__ . '/functions/ldap_groups.php';

+// Bepaal naar welke pagina terug te gaan na login
+$redirect = $_GET['redirect'] ?? $_POST['redirect'] ?? 'index.php';
+
 // Afmelden
 if (isset($_POST['logout'])) {
    if (isset($_SESSION['user'])) {
@@ -17,6 +20,7 @@ if (isset($_POST['logout'])) {
 }

 // Inloggen
+$error = '';
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'], $_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
@@ -26,30 +30,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'], $_POST['p
    if ($user) {
        $_SESSION['user'] = $user;
        log_action($pdo, $user['username'], 'Inloggen via LDAP', 'Test-login script');
-        header('Location: ' . $_SERVER['PHP_SELF']);
+        header('Location: ' . $redirect);
        exit;
    } else {
        $error = "Ongeldige inloggegevens.";
        log_action($pdo, $username, 'Mislukte login via LDAP', 'Test-login script');
    }
 }
-
-// Uitloggen
-if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['logout'])) {
-    if (isset($_SESSION['user'])) {
-        // Log de uitlogactie
-        log_action($pdo, $_SESSION['user']['username'], 'Uitloggen via LDAP', 'Test-login script');
-    }
-
-    // Sessie verwijderen
-    session_unset();
-    session_destroy();
-
-    // Herlaad de pagina om het loginformulier te tonen
-    header('Location: ' . $_SERVER['PHP_SELF']);
-    exit;
-}
-
 ?>

 <!DOCTYPE html>
@@ -60,45 +47,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['logout'])) {
 </head>
 <body>

-<?php if (isset($_SESSION['user'])): ?>
-    <h3 style="color:green;">✅ Ingelogd als <?= htmlspecialchars($_SESSION['user']['displayName']) ?></h3>
-    <ul>
-        <li>Voornaam: <?= htmlspecialchars($_SESSION['user']['givenName']) ?></li>
-        <li>Achternaam: <?= htmlspecialchars($_SESSION['user']['sn']) ?></li>
-        <li>Gebruikersnaam: <?= htmlspecialchars($_SESSION['user']['username']) ?></li>
-        <li>Email: <?= htmlspecialchars($_SESSION['user']['email']) ?></li>
-    </ul>
-
-    <?php
-    // Leden van APP_LootjesTrekken
-    $members = get_group_members('APP_LootjesTrekken');
-    if (!empty($members)):
-    ?>
-        <h3>Deelnemers aan de trekking:</h3>
-        <ul>
-            <?php foreach ($members as $name): ?>
-                <li><?= htmlspecialchars($name) ?></li>
-            <?php endforeach; ?>
-        </ul>
-    <?php endif; ?>
-
-    <form method="post">
-        <button type="submit" name="logout">Afmelden</button>
-    </form>
-
-<?php else: ?>
-
-    <?php if (!empty($error)): ?>
-        <p style="color:red;"><?= htmlspecialchars($error) ?></p>
-    <?php endif; ?>
-
-    <form method="post">
-        <label>Gebruikersnaam (zonder domein): <input type="text" name="username" required></label><br>
-        <label>Wachtwoord: <input type="password" name="password" required></label><br>
-        <button type="submit">Login</button>
-    </form>
-
+<?php if (!empty($error)): ?>
+<p style="color:red;"><?= htmlspecialchars($error) ?></p>
 <?php endif; ?>

+<form method="post">
+    <input type="hidden" name="redirect" value="<?= htmlspecialchars($redirect) ?>">
+    <label>Gebruikersnaam: <input type="text" name="username" required></label><br>
+    <label>Wachtwoord: <input type="password" name="password" required></label><br>
+    <button type="submit">Login</button>
+</form>
+
 </body>
 </html>
--- a/show_log.php
+++ b/show_log.php
@@ -1,3 +1,13 @@
+<?php
+session_start();
+
+if (!isset($_SESSION['user'])) {
+    $redirect = urlencode($_SERVER['REQUEST_URI']);
+    header("Location: login.php?redirect=$redirect");
+    exit;
+}
+?>
+
 <?php
 require __DIR__ . '/data/db.php'; // Zorg dat $pdo hier beschikbaar is

--- a/wishlist.php
+++ b/wishlist.php
@@ -1,3 +1,13 @@
+<?php
+session_start();
+
+if (!isset($_SESSION['user'])) {
+    $redirect = urlencode($_SERVER['REQUEST_URI']);
+    header("Location: login.php?redirect=$redirect");
+    exit;
+}
+?>
+
 <?php
 session_start();
 require __DIR__ . '/data/db.php';