From a7cad8edca68742b7a3cf2e2b9cf4c9dc01c3848 Mon Sep 17 00:00:00 2001
From: R40fendt
Date: Sat, 3 Jan 2026 19:49:22 +0100
Subject: [PATCH] Fomulare multiple-Spalte, Admin Panel Auth angefangen
---
 admin/login.php | 20 ++++++++++++++++++++
 admin/userinfo.php | 0
 formulare/submit.php | 36 ++++++++++++++++++++++++++++++++++--
 hits.txt | 2 +-
 4 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100755 admin/login.php
 create mode 100755 admin/userinfo.php
diff --git a/admin/login.php b/admin/login.php
new file mode 100755
index 0000000..20c862e
--- /dev/null
+++ b/admin/login.php
@@ -0,0 +1,20 @@
+fetch_assoc();
+if(!isset($result["password"]))
+ die('{"error":"Falscher Benutzername","success":false}');
+
+if($result["password"]!=$password)
+ die('{"error":"Falsches Passwort","success":false}');
+
+$token="";
+
+echo json_encode(["token"=>$token,"success"=>true],JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES);
+
diff --git a/admin/userinfo.php b/admin/userinfo.php
new file mode 100755
index 0000000..e69de29
diff --git a/formulare/submit.php b/formulare/submit.php
index 91c571c..4481495 100755
--- a/formulare/submit.php
+++ b/formulare/submit.php
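Review bot: The password check in admin/login.php, `if($result["password"]!=$password)`, compares the stored column with a loose `!=`, which is not constant-time and treats numeric-looking strings as numbers. The lines that fill `$result` and `$password` are not visible on this page, so this is hedged: if the column holds anything other than a `password_hash()` value, store hashes and change the check to `if(!password_verify($password,$result["password"]))`. The two different errors ("Falscher Benutzername" and "Falsches Passwort") tell a caller which usernames exist; one generic message for both branches avoids that. `$token=""` is returned together with `"success":true`, so before the endpoint is used the token should come from `bin2hex(random_bytes(32))` and be stored server-side with an expiry.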
@@ -4,10 +4,42 @@ include("../../mysqlverbinden.php"); if(!isset($_POST["internalformid"])) die("POST internalformid fehlt");
 $formid=$_POST["internalformid"];
-print_r($_POST);
+
+if(mysqli_execute_query($db_id,"SELECT * FROM `formulare` WHERE `id`=?;",[$formid])->fetch_assoc()["multiple"]==0) {
+ foreach(mysqli_execute_query($db_id,"SELECT `id` FROM `formulare-ergebnisse`;") as $row){
+ $same=true;
+ $checkedKeys=[];
+ foreach(mysqli_execute_query($db_id,"SELECT `name` FROM `formulare-fields` WHERE `formular`=?;",[$formid]) as $fieldName){
+ $name=$fieldName["name"];
+ $nameStripped=$name;
+ if(substr($name,-2)=="[]"){
+ $nameStripped=substr($name,0,-2);
+ }
+ $row2=mysqli_execute_query($db_id,"SELECT `name`,`value` FROM `formulare-ergebnis` WHERE `ergebnisid`=? AND `name`=?;",[$row["id"],$name])->fetch_assoc();
+ if(isset($row2["value"])!=isset($_POST[$nameStripped])){
+ $same=false;
+ continue;
+ }
+ $value=$_POST[$nameStripped];
+ if(is_array($value)){
+ $value=json_encode($value,JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES);
+ }
+ if(!is_string($value)) $value=strval($value);
+ if($value!=$row2["value"]){
+ $same=false;
+ }
+ $checkedKeys[]=$name;
+
+ }
+ if($same) die("Fehler: Doppelte Einträge sind nicht erlaubt");
+ }
+
+
+}
+
 mysqli_execute_query($db_id,"INSERT INTO `formulare-ergebnisse` (`formular`) VALUES (?);",[$formid]);
 $id = mysqli_insert_id($db_id);
-echo $id;
+
 foreach($_POST as $key => $value){
 if($key=="internalformid") continue;
diff --git a/hits.txt b/hits.txt
index 7813681..c793025 100755
--- a/hits.txt
+++ b/hits.txt
@@ -1 +1 @@
-5
\ No newline at end of file
+7
\ No newline at end of file
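Review bot: The duplicate check in formulare/submit.php loops over every row of the `formulare-ergebnisse` table rather than only this form's submissions, and the `formulare` lookup is dereferenced without checking that a row came back, so an unknown `internalformid` makes `null["multiple"]==0` evaluate to true and the request still reaches the INSERT. Scope the scan to `$formid` and stop when `fetch_assoc()` returns null, as in the excerpt below. Inside the loop, `$value!=$row2["value"]` is a loose comparison, so numeric-looking strings such as "1e3" and "1000" count as the same entry; `!==` avoids that. The check and the INSERT are separate statements, so two identical requests arriving together can both pass unless the table enforces uniqueness. The script begins before this hunk and the final `foreach` continues after it.

```php
$form=mysqli_execute_query($db_id,"SELECT * FROM `formulare` WHERE `id`=?;",[$formid])->fetch_assoc();
// Unknown form id: reject instead of falling through to the INSERT (message text is a suggestion).
if($form===null) die("Fehler: Unbekanntes Formular");
if($form["multiple"]==0) {
    foreach(mysqli_execute_query($db_id,"SELECT `id` FROM `formulare-ergebnisse` WHERE `formular`=?;",[$formid]) as $row){
        // … unchanged: per-field comparison against $_POST …
```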