From 906beaaa4b71fa34b396b6d8a3baca14a6fb9d4c Mon Sep 17 00:00:00 2001
From: Vichingo455
Date: Wed, 1 Oct 2025 15:15:28 +0200
Subject: [PATCH] Integrated auth by default

---
 README.md | 6 ++--
 htdocs/admin/login.php | 62 ++++++++++++++++++++++++++--------
 htdocs/admin/login.php.backup | 62 ++++++++--------------------------
 htdocs/admin/logout.php | 4 +--
 htdocs/admin/logout.php.backup | 4 +--
 5 files changed, 69 insertions(+), 69 deletions(-)

diff --git a/README.md b/README.md
index 2d1be1b..2cb0d23 100644
--- a/README.md
+++ b/README.md
@@ -60,8 +60,8 @@ $host = "localhost";
 $user = "utente";
 $pass = "password123";
 ```
-7. **Modifica ``admin/login.php`` e ``admin/logout.php`` con i dati di un'istanza keycloak. In caso tu voglia usare l'autenticazione via nome utente e password (e non keycloak), cancella quei due file e rinomina ``admin/login.php.backup`` in ``login.php`` e ``admin/logout.php.backup`` in ``logout.php``**
-- Esempio (``login.php`` con keycloak):
+7. **(Opzionale) Modifica ``admin/login.php.keycloak`` e ``admin/logout.php.keycloak`` con i dati di un'istanza keycloak, in caso tu voglia usare Keycloak e non l'autenticazione integrata. Cancella poi i file ``login.php`` e ``logout.php`` e rinomina ``admin/login.php.keycloak`` in ``login.php`` e ``admin/logout.php.keycloak`` in ``logout.php``**
+- Esempio (``login.php.keycloak``):
 ```php
 $oidc = new OpenIDConnectClient(
 'https://keycloak.local/realms/master/',
@@ -70,7 +70,7 @@ $oidc = new OpenIDConnectClient(
 );
 $oidc->setRedirectURL('https://orario.local/admin/login.php'); // orario.local รจ il dominio base di questa piattaforma
 ```
-- Esempio (``logout.php`` con keycloak):
+- Esempio (``logout.php.keycloak``):
 ```php
 header('Location: https://keycloak.local/realms/master/protocol/openid-connect/logout?post_logout_redirect_uri=https://orario.local&client_id=orario');
 ```
diff --git a/htdocs/admin/login.php b/htdocs/admin/login.php
index 8347efc..e579ea4 100644
--- a/htdocs/admin/login.php
+++ b/htdocs/admin/login.php @@ -1,18 +1,50 @@ /realms//', - '', - '' -); -// Redirect post-login -$oidc->setRedirectURL('https:///admin/login.php'); +include("../db.php"); -$oidc->authenticate(); -$userinfo = $oidc->getVerifiedClaims(); -$_SESSION['admin'] = $userinfo->preferred_username; -header("Location: index.php"); -exit; +if ($_SERVER["REQUEST_METHOD"] == "POST") { + $username = $_POST['username']; + $password = $_POST['password']; + $stmt = $conn->prepare("SELECT * FROM admin WHERE username = ?"); + $stmt->bind_param("s", $username); + $stmt->execute(); + $res = $stmt->get_result(); + if ($row = $res->fetch_assoc()) { + if (password_verify($password, $row['password'])) { + $_SESSION['admin'] = $row['username']; + header("Location: index.php"); + exit; + } + } + $error = "Credenziali non valide"; +} +?> + + + + Login Admin + + + + + + + + + "; ?> +
+
+
+ +
+ +

Copyright (C) 2025 EmmeV. - Released under GNU AGPL 3.0 License.

+ + diff --git a/htdocs/admin/login.php.backup b/htdocs/admin/login.php.backup index e579ea4..8347efc 100644 --- a/htdocs/admin/login.php.backup +++ b/htdocs/admin/login.php.backup @@ -1,50 +1,18 @@ /realms//', + '', + '' +); +// Redirect post-login +$oidc->setRedirectURL('https:///admin/login.php'); -if ($_SERVER["REQUEST_METHOD"] == "POST") { - $username = $_POST['username']; - $password = $_POST['password']; - $stmt = $conn->prepare("SELECT * FROM admin WHERE username = ?"); - $stmt->bind_param("s", $username); - $stmt->execute(); - $res = $stmt->get_result(); - if ($row = $res->fetch_assoc()) { - if (password_verify($password, $row['password'])) { - $_SESSION['admin'] = $row['username']; - header("Location: index.php"); - exit; - } - } - $error = "Credenziali non valide"; -} -?> - - - - Login Admin - - - - - - - - - "; ?> -
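Review bot: In the new `htdocs/admin/login.php`, the success branch writes `$_SESSION['admin'] = $row['username'];` without rotating the session identifier first, so a session ID that was fixed before login remains valid as an admin session; calling `session_regenerate_id(true);` immediately before that assignment closes this. `$_POST['username']` and `$_POST['password']` are also read without checking that they are present, so a POST missing either field raises warnings and passes `null` onward; `$username = $_POST['username'] ?? '';` (and the same for the password) avoids that. The top of the file, where `session_start()` presumably sits, did not survive in this extraction of the hunk, so confirm the session is started before `$_SESSION` is written. Nothing in the visible lines throttles repeated failed attempts, which matters more now that password login is the default.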
-
-
- -
- -

Copyright (C) 2025 EmmeV. - Released under GNU AGPL 3.0 License.

- - +$oidc->authenticate(); +$userinfo = $oidc->getVerifiedClaims(); +$_SESSION['admin'] = $userinfo->preferred_username; +header("Location: index.php"); +exit; diff --git a/htdocs/admin/logout.php b/htdocs/admin/logout.php index 02d5aea..3abdd6e 100644 --- a/htdocs/admin/logout.php +++ b/htdocs/admin/logout.php @@ -1,5 +1,5 @@ /realms//protocol/openid-connect/logout?post_logout_redirect_uri=https://&client_id='); -exit; +header("Location: /index.php"); +?> diff --git a/htdocs/admin/logout.php.backup b/htdocs/admin/logout.php.backup index 3abdd6e..02d5aea 100644 --- a/htdocs/admin/logout.php.backup +++ b/htdocs/admin/logout.php.backup @@ -1,5 +1,5 @@ +header('Location: https:///realms//protocol/openid-connect/logout?post_logout_redirect_uri=https://&client_id='); +exit;
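Review bot: The Keycloak template lands in `htdocs/admin/login.php.backup` (and `htdocs/admin/logout.php.backup`), but the README hunk in this same commit tells users to edit and rename `admin/login.php.keycloak` and `admin/logout.php.keycloak`, files this patch does not create; the file names and the README should agree. Because these templates sit under `htdocs` with an extension that is presumably not handled by PHP, a web server would likely return them as plain text, so a client secret typed into the template before the rename could be readable over HTTP. Keeping the templates outside the web root, or denying requests for `*.backup` / `*.keycloak` in the server configuration, avoids that.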
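Review bot: In the new `htdocs/admin/logout.php`, the redirect `header("Location: /index.php");` is no longer followed by `exit;` as the removed Keycloak version was, and the file now ends with a closing `?>`; ending the file with `header("Location: /index.php");` then `exit;` and no `?>` keeps anything after the redirect, including trailing whitespace, from running or being emitted. The three context lines of this hunk did not survive extraction, so whether the session is actually torn down before the redirect cannot be confirmed from here. For the integrated login to be revoked on logout, those lines should clear `$_SESSION` and call `session_destroy()`.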