<?php
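/*
 * JSON login endpoint.
 *
 * Reads a JSON body carrying "email" and "password", looks the account up with
 * a prepared statement, checks the password with password_verify() and, on
 * success, stores id/email/role in $_SESSION['user'] and echoes them back.
 *
 * Responses: 400 when a credential is missing or is not a string, 401 when the
 * credentials do not match, 500 when an exception is thrown (the exception
 * message goes to the error log only, never to the client).
 *
 * $db comes from the global scope and is used like a PDO handle
 * (prepare/execute/fetch). Where it is created, and where the session is
 * started, is not visible in this file.
 */
global $db;

try {
    $data = json_decode(file_get_contents("php://input"), true);

    // The request body is untrusted. Besides being present, both credentials
    // must be plain strings: a JSON array or object in "password" would
    // otherwise reach password_verify(), which throws a TypeError on PHP 8
    // that the catch (Exception) below does not handle.
    $credentialsValid = is_array($data)
        && !empty($data['email'])
        && !empty($data['password'])
        && is_string($data['email'])
        && is_string($data['password']);

    if (!$credentialsValid) {
        http_response_code(400);
        echo json_encode(['message' => 'E-Mail und Passwort erforderlich']);
        exit;
    }

    // Bound parameter: the e-mail value is never concatenated into the SQL text.
    $stmt = $db->prepare("SELECT id, email, password_hash, role FROM users WHERE email = :email LIMIT 1");
    $stmt->execute([':email' => $data['email']]);
    $user = $stmt->fetch();

    // One generic 401 for "unknown e-mail" and "wrong password", so the
    // response body does not reveal which accounts exist.
    // NOTE(review): when no row matches, password_verify() is skipped, so the
    // response time still differs between known and unknown e-mails, and no
    // attempt throttling is visible in this file. Confirm both are handled
    // elsewhere.
    if (!$user || !password_verify($data['password'], $user['password_hash'])) {
        http_response_code(401);
        echo json_encode(['message' => 'Ungültige Anmeldedaten']);
        exit;
    }

    // Issue a fresh session ID at the privilege change so an ID that was known
    // before authentication cannot be carried into the logged-in session
    // (session fixation). Guarded because session_start() is not called here;
    // presumably the including script starts the session. Confirm.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Only non-secret fields are kept in the session; password_hash is never
    // copied out of $user.
    $_SESSION['user'] = [
        'id' => (int)$user['id'],
        'email' => $user['email'],
        'role' => $user['role'],
    ];

    echo json_encode(['message' => 'Login erfolgreich', 'user' => $_SESSION['user']]);
} catch (Exception $e) {
    // Keep the exception detail server-side; the client only gets a generic message.
    error_log("Login error: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['message' => 'Login fehlgeschlagen']);
}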