Login fertiggestellt im Admin Panel

admin/login.php

@@ -1,5 +1,14 @@
 <?php
+header("Content-Type: application/json");
+header("Access-Control-Allow-Origin: *");
+
 include("../../mysqlverbinden.php");
+include("../vendor/autoload.php");
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+include("secret.php");
 
 if(!isset($_GET["username"])) die("GET username fehlt");
 $username=$_GET["username"];
@@ -11,10 +20,15 @@ $result=mysqli_execute_query($db_id,"SELECT `password` FROM `adminpanel-users` W
 if(!isset($result["password"])) 
 		die('{"error":"Falscher Benutzername","success":false}');
 
-if($result["password"]!=$password)
+if(!password_verify($password,$result["password"]))
 		die('{"error":"Falsches Passwort","success":false}');
 
-$token="";
+$payload=[
+		"username"=>$username,
+		"expire"=>time()+3600
+];
+
+$token=JWT::encode($payload,$secret,"HS256");
 
 echo json_encode(["token"=>$token,"success"=>true],JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES);
 

admin/userinfo.php

@@ -0,0 +1,25 @@
+<?php
+header("Content-Type: application/json");
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Headers: Authorization");
+
+
+include("../../mysqlverbinden.php");
+include("secret.php");
+include("../vendor/autoload.php");
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
+
+// "Bearer " entfernen
+$token = str_replace('Bearer ', '', $token);
+
+try {
+		$payload=JWT::decode($token, new Key($secret,"HS256"));
+		if($payload->expire<time()) die('{"error":"Token expired"}');
+		echo json_encode($payload,JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES);
+}catch(Exception $e){
+		die('{"error":"Invalid Token"}');
+}