Initial Commit

api/auth/login.php

@@ -0,0 +1,33 @@
+<?php
+global $db;
+
+try {
+    $data = json_decode(file_get_contents("php://input"), true);
+    if (!$data || empty($data['email']) || empty($data['password'])) {
+        http_response_code(400);
+        echo json_encode(['message' => 'E-Mail und Passwort erforderlich']);
+        exit;
+    }
+
+    $stmt = $db->prepare("SELECT id, email, password_hash, role FROM users WHERE email = :email LIMIT 1");
+    $stmt->execute([':email' => $data['email']]);
+    $user = $stmt->fetch();
+
+    if (!$user || !password_verify($data['password'], $user['password_hash'])) {
+        http_response_code(401);
+        echo json_encode(['message' => 'Ungültige Anmeldedaten']);
+        exit;
+    }
+
+    $_SESSION['user'] = [
+        'id' => (int)$user['id'],
+        'email' => $user['email'],
+        'role' => $user['role'],
+    ];
+
+    echo json_encode(['message' => 'Login erfolgreich', 'user' => $_SESSION['user']]);
+} catch (Exception $e) {
+    error_log("Login error: " . $e->getMessage());
+    http_response_code(500);
+    echo json_encode(['message' => 'Login fehlgeschlagen']);
+}

api/auth/logout.php

@@ -0,0 +1,3 @@
+<?php
+session_destroy();
+echo json_encode(['message' => 'Logout erfolgreich']);

api/auth/me.php

@@ -0,0 +1,6 @@
+<?php
+$auth = isset($_SESSION['user']);
+echo json_encode([
+    'authenticated' => $auth,
+    'user' => $auth ? $_SESSION['user'] : null
+]);