05631e4a63
- Agregado sistema de protección CSRF con tokens - Creada clase Session para gestión centralizada de sesiones - Mejorado manejo de errores en Database (sin die()) - Refactorizado Auth para usar nueva clase Session - Agregada validación CSRF a formularios de login y admin - Agregada validación de roles en modelo User - Mejorada vista de ayudante con tabla de horarios por semana - Agregada tabla de Turnos de Ayudantes con fechas en columnas
88 lines
3.2 KiB
PHP
Executable File
88 lines
3.2 KiB
PHP
Executable File
<?php
|
|
ini_set('display_errors', 1);
|
|
error_reporting(E_ALL);
|
|
|
|
require_once __DIR__ . '/../src/Auth.php';
|
|
require_once __DIR__ . '/../src/CSRF.php';
|
|
|
|
$auth = new Auth();
|
|
|
|
if ($auth->isLoggedIn()) {
|
|
if ($auth->isAdmin()) {
|
|
header('Location: /admin/index.php');
|
|
} else {
|
|
header('Location: /ayudante.php');
|
|
}
|
|
exit;
|
|
}
|
|
|
|
$error = '';
|
|
$loginInput = '';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
if (!CSRF::isValidRequest()) {
|
|
$error = 'Error de validación del formulario';
|
|
} else {
|
|
$loginInput = trim($_POST['login'] ?? '');
|
|
$password = $_POST['password'] ?? '';
|
|
|
|
if (empty($loginInput) || empty($password)) {
|
|
$error = 'Por favor ingresa usuario/email y contraseña';
|
|
} else {
|
|
if ($auth->login($loginInput, $password)) {
|
|
if ($auth->isAdmin()) {
|
|
header('Location: /admin/index.php');
|
|
} else {
|
|
header('Location: /ayudante.php');
|
|
}
|
|
exit;
|
|
} else {
|
|
$error = 'Usuario/email o contraseña incorrectos';
|
|
}
|
|
}
|
|
}
|
|
}
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html lang="es">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>Login - Contenedor Ibiza</title>
|
|
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
|
|
</head>
|
|
<body class="bg-light d-flex align-items-center justify-content-center" style="min-height: 100vh;">
|
|
<div class="container">
|
|
<div class="row justify-content-center">
|
|
<div class="col-md-5">
|
|
<div class="card shadow">
|
|
<div class="card-body p-5">
|
|
<h3 class="text-center mb-4">Contenedor Ibiza</h3>
|
|
<h5 class="text-center text-muted mb-4">Iniciar Sesión</h5>
|
|
|
|
<?php if ($error): ?>
|
|
<div class="alert alert-danger"><?= htmlspecialchars($error) ?></div>
|
|
<?php endif; ?>
|
|
|
|
<form method="POST">
|
|
<?= CSRF::getTokenField() ?>
|
|
<div class="mb-3">
|
|
<label for="login" class="form-label">Usuario o Email</label>
|
|
<input type="text" class="form-control" id="login" name="login"
|
|
value="<?= htmlspecialchars($loginInput) ?>" required>
|
|
</div>
|
|
<div class="mb-4">
|
|
<label for="password" class="form-label">Contraseña</label>
|
|
<input type="password" class="form-control" id="password" name="password" required>
|
|
</div>
|
|
<button type="submit" class="btn btn-primary w-100 py-2">Ingresar</button>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
|
|
</body>
|
|
</html>
|