Initial production version

login.php

@@ -0,0 +1,60 @@
+<?php
+declare(strict_types=1);
+session_start();
+
+require __DIR__ . "/config.php";
+
+$err = "";
+
+if ($_SERVER["REQUEST_METHOD"] === "POST") {
+    $user = isset($_POST["user"]) ? trim((string)$_POST["user"]) : "";
+    $pass = isset($_POST["pass"]) ? (string)$_POST["pass"] : "";
+
+    if ($user === "" || $pass === "") {
+        $err = "Merci de renseigner l'identifiant et le mot de passe.";
+    } else {
+        if (hash_equals(ADMIN_USER, $user) && hash_equals(ADMIN_PASS, $pass)) {
+            $_SESSION["is_admin"] = true;
+            $_SESSION["admin_user"] = $user;
+            session_regenerate_id(true);
+            header("Location: /flag.php");
+            exit;
+        } else {
+            $err = "Identifiants invalides.";
+        }
+    }
+}
+?>
+<!doctype html>
+<html lang="fr">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Login</title>
+  <link rel="stylesheet" href="/style.css">
+</head>
+<body>
+<div class="container center">
+  <div class="card auth-card">
+    <div class="kicker">🔐 Connexion admin</div>
+    <h1>Login</h1>
+
+    <?php if ($err !== ""): ?>
+      <div class="alert danger"><?php echo htmlspecialchars($err); ?></div>
+    <?php endif; ?>
+
+    <form method="post" action="/login.php">
+      <label for="user">Identifiant</label>
+      <input id="user" type="text" name="user" autocomplete="username" required>
+
+      <label for="pass">Mot de passe</label>
+      <input id="pass" type="password" name="pass" autocomplete="current-password" required>
+
+      <button class="btn primary" type="submit">Se connecter</button>
+    </form>
+
+    <div class="footer"><a href="/">← Retour accueil</a></div>
+  </div>
+</div>
+</body>
+</html>