time()) { $remaining = $_SESSION['lockout_time_'. $logintype] - time(); $minutes = ceil($remaining / 60); $error = "Zu viele fehlgeschlagene Anmeldeversuche. Bitte warte $minutes Minute(n)."; } elseif (isset($_POST[$logintype.'_login_submit'])) { $token = "QQa2UMbEYW8oOL7wz9DjtqECVCikSZsDuSdmzxiadEXFsKyujEUyQOW1AYMD2OqU8VXxClIRweRuWLzvBrZpPYL41e89Rs96tM7Lq1KpjA5E2mg2UfgvztheGRV"; require __DIR__ .'/../db/db-verbindung-script-guest.php'; require __DIR__ . "/../db/db-tables.php"; $username = htmlspecialchars(trim($_POST['access_username']), ENT_QUOTES); $password = trim($_POST['access_passcode']); // Prepare statement $stmt = $guest->prepare("SELECT * FROM $tableInternUsers WHERE username = ? LIMIT 1"); $stmt->bind_param("s", $username); $stmt->execute(); $result = $stmt->get_result(); $user = $result->fetch_assoc(); if (!$user) { $_SESSION['login_attempts_'. $logintype]++; if ($_SESSION['login_attempts_'. $logintype] >= $max_attempts) { $_SESSION['lockout_time_'. $logintype] = time() + $lockout_period; $error = "Zu viele fehlgeschlagene Anmeldeversuche. Bitte versuche es in ".ceil($lockout_period / 60)." Minuten erneut."; } else { $remaining_attempts = $max_attempts - $_SESSION['login_attempts_'. $logintype]; $error = "Benutzer / Passwort unbekannt. Noch $remaining_attempts Versuch(e) möglich."; } } else { $freigaben = json_decode($user['freigabe'], true) ?: []; $freigabe_values = $freigaben['types'] ?? []; // Verify password using PHP native function if (password_verify($password, $user['password_hash']) && in_array($logintype, $freigabe_values)) { foreach ($freigabe_values as $freigabe) { $_SESSION['access_granted_'. $freigabe] = true; $_SESSION['passcode'. $freigabe .'_id'] = $user['id']; $_SESSION['lockout_time_'. $freigabe] = 0; $_SESSION['login_attempts_'. $freigabe] = 0; } // Redirect using plain PHP header("Location:" . $_SERVER['REQUEST_URI']); exit; } elseif ($password === ' ') { $error = "Kein Passwort eingegeben."; } else { $_SESSION['login_attempts_'. $logintype]++; if ($_SESSION['login_attempts_'. $logintype] >= $max_attempts) { $_SESSION['lockout_time_'. $logintype] = time() + $lockout_period; $error = "Zu viele fehlgeschlagene Anmeldeversuche. Bitte versuche es in ".ceil($lockout_period / 60)." Minuten erneut."; } else { $remaining_attempts = $max_attempts - $_SESSION['login_attempts_'. $logintype]; $error = "Benutzer / Passwort unbekannt. Noch $remaining_attempts Versuch(e) möglich."; } } } } ?>