From b4c5946719688baf6ff168ab393f0f4cd7c67d84 Mon Sep 17 00:00:00 2001
From: aschwarz <a.schwarz@polizei.bwl.de>
Date: Mon, 6 Nov 2023 11:36:15 +0100
Subject: [PATCH] Smarty Template korrekt; LDAP Connects mit DB Connects

---
 .gitignore                                    |   1 +
 config/datenbankanbindung.php                 |   1 -
 config/smarty.php                             |  19 ++
 controller/admin_login.php                    | 253 +++++++++---------
 controller/func_ldap_connect.php              |  77 ++++++
 html/login.html                               |  13 +-
 index.php                                     |   3 +
 js/components/admin_login.js                  |   6 +-
 php/login.php                                 |  10 +-
 ...0ef2309814fa6ee1285d_0.file_login.html.php | 235 ----------------
 10 files changed, 239 insertions(+), 379 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 config/smarty.php
 create mode 100644 controller/func_ldap_connect.php
 create mode 100644 index.php
 delete mode 100644 smarty_tmp/templates_c/f9e2b78800181bf212fe0ef2309814fa6ee1285d_0.file_login.html.php

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..73758c7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+smarty_tmp/*
diff --git a/config/datenbankanbindung.php b/config/datenbankanbindung.php
index a505f89..67a1346 100644
--- a/config/datenbankanbindung.php
+++ b/config/datenbankanbindung.php
@@ -4,7 +4,6 @@
    function dbconnect() //--Prozedur - kein return-Wert
     {
      $db = @new mysqli( 'localhost', 'root', '', 'ams_stammdaten' );
-     //$db = @new mysqli( 'localhost', 'lgadmin', '!S1ge1nA', 'leitgedanken' );
      $db->query("set sql_mode = 'ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'");
      $db->set_charset('utf8mb4');
      $db->query("SET NAMES 'utf8mb4'");
diff --git a/config/smarty.php b/config/smarty.php
new file mode 100644
index 0000000..e9bbe2d
--- /dev/null
+++ b/config/smarty.php
@@ -0,0 +1,19 @@
+<?php
+date_default_timezone_set("Europe/Berlin");
+$path = dirname(__FILE__);
+$pos = stripos($path, 'login');
+$dir = substr($path,0,$pos).'login/';
+define('SMARTY_DIR', $dir);
+require(SMARTY_DIR . 'vendor/autoload.php');
+use Smarty\Smarty;
+    class SmartyAdmin extends Smarty{
+
+        public function __construct(){
+            parent::__construct();    // this must be called 
+            $this->template_dir  = SMARTY_DIR.'html';
+            $this->compile_dir   = SMARTY_DIR.'smarty_tmp/templates_c';
+            $this->config_dir    = SMARTY_DIR.'smarty_tmp/config';
+            $this->cache_dir     = SMARTY_DIR.'smarty_tmp/cache';
+        }
+    }
+?>
\ No newline at end of file
diff --git a/controller/admin_login.php b/controller/admin_login.php
index 900e265..fb7ce43 100644
--- a/controller/admin_login.php
+++ b/controller/admin_login.php
@@ -1,174 +1,175 @@
 <?php
 # https://www.php-einfach.de/experte/php-codebeispiele/loginscript/angemeldet-bleiben/
 require_once("../config/datenbankanbindung.php");
-#require_once("func_get_parameter.php");
+require_once("func_ldap_connect.php");
 #require_once("func_passwort_back.php");
 $db = dbconnect();
 
 $function = $_POST['function'];
-if(!isset($_SESSION)) { session_start(); }
+if (!isset($_SESSION)) {
+    session_start();
+}
 
 if ($function == 'logout') {
-  if($_SESSION['angemeldet_bleiben'] == 1){
-    $identifier = $_COOKIE['identifier'];
-    $securitytoken = $_COOKIE['securitytoken'];
-    $token_neu = sha1($securitytoken);
-    $sql1 = $db->query("DELETE FROM lg_securitytokens
+    if ($_SESSION['angemeldet_bleiben'] == 1) {
+        $identifier    = $_COOKIE['identifier'];
+        $securitytoken = $_COOKIE['securitytoken'];
+        $token_neu     = sha1($securitytoken);
+        $sql1          = $db->query("DELETE FROM lg_securitytokens
                          WHERE securitytoken ='$token_neu'
                            AND identifier = '$identifier'
                       ");
-  }
-  //Cookies entfernen
-  session_destroy();
-  setcookie("identifier","",time()-(3600*24*365)); 
-  setcookie("securitytoken","",time()-(3600*24*365)); 
-  header("location:../php/login.php");
+    }
+    //Cookies entfernen
+    session_destroy();
+    setcookie("identifier", "", time() - (3600 * 24 * 365));
+    setcookie("securitytoken", "", time() - (3600 * 24 * 365));
+    header("location:../php/login.php");
 }
 
 
 
 if ($function == 'login') {
-  $mail=mb_strtoupper($_POST["mail"]); //remove case sensitivity on the mail
-  $password=$_POST["password"];
-  
-   # 2 Loginmöglichkeiten: 1) Datenbank ams_stammdaten oder 2) Hochschul-LDAP
-  
-  if($mail == "" OR $password == ""){
+    $user     = mb_strtoupper($_POST["user"]); //remove case sensitivity on the mail
+    $password = $_POST["password"];
+    
+    # 2 Loginmöglichkeiten: 1) Datenbank ams_stammdaten oder 2) Hochschul-LDAP
+    
+    if ($user == "" OR $password == "") {
         echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte f&uuml;llen Sie alle Felder aus!</div>|***|error';
         exit;
-  }
-  
-## Basislogin für DBs
-  $result = $db->query("SELECT sid, uid, mail, pwd, durchgefallen FROM stud WHERE UPPER(mail)='$mail' or uid='$mail'");
-  $row = $result->fetch_array();
-  if(mysqli_num_rows($result) == 0) {
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist nicht verfügbar!</div>|***|error';
+    }
+    
+    
+    $result = $db->query("SELECT sid, uid, mail, pwd, durchgefallen FROM stud WHERE UPPER(mail)='$user' or uid='$user'");
+    $row    = $result->fetch_array();
+    if (mysqli_num_rows($result) == 0) {
+        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist im Anmeldesystem nicht verfügbar!</div>|***|error';
         exit;
-  }else if ($row['durchgefallen']  != 'N'){
+    } else if ($row['durchgefallen'] != 'N') {
         echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist inaktiv!</div>|***|error';
         exit;
-  }else if (md5($password) != $row['pwd']){  //verschlüsseltes Passwort überprüfen
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error';
-        exit;
-  }else{
+    } else if (studnet($user, $password) or hsnet($user, $password) or md5($password) == $row['pwd']) {
         echo "<div class='alert alert-success'><i class='fa fa-fw fa-thumbs-up'></i> Login wird durchgef&uuml;hrt</div>|***|success";
-  }
-  
-  
-  
-/*
-  else if (md5($password) != $row['passwort'] or $row['mail'] == ''){  //verschlüsseltes Passwort überprüfen
+    } else {
         echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error';
         exit;
-  }else{
-      $VAID = $row['VAID'];
-
-      //Möchte der Nutzer angemeldet beleiben?
-      if($_POST['angemeldet_bleiben'] == 1) {
-
-           $identifier = random_string();
-           $securitytoken = random_string();
-           
-#         $insert = $pdo->prepare("INSERT INTO lg_securitytokens (user_id, identifier, securitytoken) VALUES (:user_id, :identifier, :securitytoken)");
-#         $insert->execute(array('user_id' => $user['id'], 'identifier' => $identifier, 'securitytoken' => sha1($securitytoken)));
-           $token_neu = sha1($securitytoken);
-           $result_1 = $db->query("INSERT INTO lg_securitytokens (VAID, identifier, securitytoken) VALUES ('$VAID', '$identifier', '$token_neu')");
-           setcookie("identifier",$identifier,time()+(3600*24*365)); //1 Jahr Gültigkeit
-           setcookie("securitytoken",$securitytoken,time()+(3600*24*365)); //1 Jahr Gültigkeit
-           $_SESSION['angemeldet_bleiben'] = 1;
-      }else{
-        $_SESSION['angemeldet_bleiben'] = 0;
-      }
-
+    }
+    
+   
+    /*
+    else if (md5($password) != $row['passwort'] or $row['mail'] == ''){  //verschlüsseltes Passwort überprüfen
+    echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error';
+    exit;
+    }else{
+    $VAID = $row['VAID'];
+    
+    //Möchte der Nutzer angemeldet beleiben?
+    if($_POST['angemeldet_bleiben'] == 1) {
+    
+    $identifier = random_string();
+    $securitytoken = random_string();
+    
+    #         $insert = $pdo->prepare("INSERT INTO lg_securitytokens (user_id, identifier, securitytoken) VALUES (:user_id, :identifier, :securitytoken)");
+    #         $insert->execute(array('user_id' => $user['id'], 'identifier' => $identifier, 'securitytoken' => sha1($securitytoken)));
+    $token_neu = sha1($securitytoken);
+    $result_1 = $db->query("INSERT INTO lg_securitytokens (VAID, identifier, securitytoken) VALUES ('$VAID', '$identifier', '$token_neu')");
+    setcookie("identifier",$identifier,time()+(3600*24*365)); //1 Jahr Gültigkeit
+    setcookie("securitytoken",$securitytoken,time()+(3600*24*365)); //1 Jahr Gültigkeit
+    $_SESSION['angemeldet_bleiben'] = 1;
+    }else{
+    $_SESSION['angemeldet_bleiben'] = 0;
+    }
+    
     $datum=date("Y-m-d H:i:s");
     $ip=getenv("REMOTE_ADDR");
     $agent=getenv("HTTP_USER_AGENT");
     $_SESSION['userid'] = $VAID;
     $_SESSION["global_mail"] = $row['mail'];
     $result_1 = $db->query("INSERT INTO userlog (Datum, IP, user_agent, VAID) VALUES ('$datum', '$ip', '$agent', '$VAID')");
-        echo "<div class='alert alert-success'><i class='fa fa-fw fa-thumbs-up'></i> Login wird durchgef&uuml;hrt</div>|***|success";
-  }
-  }
-*/
+    echo "<div class='alert alert-success'><i class='fa fa-fw fa-thumbs-up'></i> Login wird durchgef&uuml;hrt</div>|***|success";
+    }
+    }
+    */
 }
 
 
 /*
 if ($function == 'passwortvergessen') {
 
-  $mailempf = $_POST['email'];
-  
-  $result_pw = $db->query("SELECT VAID, inaktiv, vorname, nachname, mail FROM admin WHERE UPPER(mail)=UPPER('$mailempf')");
-  $row_pw = $result_pw->fetch_array();
-  
- if(!isset($_POST['email']) || empty($_POST['email'])) {
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte geben Sie eine E-Mail-Adresse ein.</div>|***|error';
-        exit;
- } elseif ($row_pw['mail'] == ''){
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Benutzer wurde nicht im System gefunden. Überprüfen Sie die Mailadresse</div>|***|error';
-        exit;
- }elseif($row_pw['inaktiv'] != 'N') {
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Benutzer ist inaktiv. Melden Sie sich beim Administrator.</div>|***|error';
-        exit;
-  }else{
-  # function passwort_back
- echo passwort_back($row_pw['VAID']);
- }
+$mailempf = $_POST['email'];
+
+$result_pw = $db->query("SELECT VAID, inaktiv, vorname, nachname, mail FROM admin WHERE UPPER(mail)=UPPER('$mailempf')");
+$row_pw = $result_pw->fetch_array();
+
+if(!isset($_POST['email']) || empty($_POST['email'])) {
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte geben Sie eine E-Mail-Adresse ein.</div>|***|error';
+exit;
+} elseif ($row_pw['mail'] == ''){
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Benutzer wurde nicht im System gefunden. Überprüfen Sie die Mailadresse</div>|***|error';
+exit;
+}elseif($row_pw['inaktiv'] != 'N') {
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Benutzer ist inaktiv. Melden Sie sich beim Administrator.</div>|***|error';
+exit;
+}else{
+# function passwort_back
+echo passwort_back($row_pw['VAID']);
+}
 }
 
 
 
 if ($function == 'resetpasswort') {
-    
-    $password_new1 = $_POST['password_new1'];
-    $password_new2 = $_POST['password_new2'];
-    $vaid           = $_POST['vaid'];
-    $code          = $_POST['code'];
 
-    $result = $db->query("SELECT VAID, vorname, nachname, mail, inaktiv, passwortcode, passwortcode_time FROM admin WHERE VAID=$vaid");
-    $row    = $result->fetch_array();
-    
-    #Fehlercheck
-    if(!isset($vaid) || !isset($code)) {
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Leider wurde beim Aufruf dieser Website kein Code zum Zur&uuml;cksetzen des Passworts &uuml;bermittelt!</div>|***|error';
-        exit;
-    }elseif ($row === null || $row['passwortcode'] === null ) {
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es wurde kein passender Benutzer gefunden!</div>|***|error';
-        exit;
-    }elseif($row['inaktiv'] != 'N') {
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Benutzer ist inaktiv. Melden Sie sich beim Administrator.</div>|***|error';
-        exit;
-    }elseif($row['passwortcode_time'] === null || strtotime($row['passwortcode_time']) < (time()-24*3600) ) {
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Code ist leider abgelaufen. Setzen Sie das Passwort erneut zur&uuml;ck!</div>|***|error';
-        exit;
-    }elseif(sha1($code) != $row['passwortcode']) {
-         echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der &uuml;bergebene Code war ung&uuml;ltig.<br>Stellen Sie sicher, dass Sie den genauen Link in der URL aufrufen.</div>|***|error';
-        exit;
-    }elseif ($password_new1 != $password_new2) {
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Das neue Passwort stimmt nicht mit der Wiederholung &uuml;berein!</div>|***|error';
-        exit;
-    }elseif (strlen($password_new1) < 8) {
-        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Das neue Passwort muss mindestens 8 Zeichen haben!</div>|***|error';
-        exit;
-    }else{
-        $password_md5 = md5($password_new1);
-        $update = $db->query("UPDATE admin
-                                 SET passwort ='$password_md5'
-                                    ,passwortcode = NULL
-                                    ,passwortcode_time = NULL
-                               WHERE VAID=$vaid
-                            ");
-        if (!$update) {
-          echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es liegt ein Fehler in der Datenbank vor!</div>|***|error';
-          exit;
-        }else{
-          echo '<div class="alert alert-success"><i class="fa fa-fw fa-thumbs-up"></i> Das Passwort wurde geändert!</div>|***|success';
-          exit;
-        }
+$password_new1 = $_POST['password_new1'];
+$password_new2 = $_POST['password_new2'];
+$vaid           = $_POST['vaid'];
+$code          = $_POST['code'];
 
-    }
+$result = $db->query("SELECT VAID, vorname, nachname, mail, inaktiv, passwortcode, passwortcode_time FROM admin WHERE VAID=$vaid");
+$row    = $result->fetch_array();
+
+#Fehlercheck
+if(!isset($vaid) || !isset($code)) {
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Leider wurde beim Aufruf dieser Website kein Code zum Zur&uuml;cksetzen des Passworts &uuml;bermittelt!</div>|***|error';
+exit;
+}elseif ($row === null || $row['passwortcode'] === null ) {
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es wurde kein passender Benutzer gefunden!</div>|***|error';
+exit;
+}elseif($row['inaktiv'] != 'N') {
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Benutzer ist inaktiv. Melden Sie sich beim Administrator.</div>|***|error';
+exit;
+}elseif($row['passwortcode_time'] === null || strtotime($row['passwortcode_time']) < (time()-24*3600) ) {
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Code ist leider abgelaufen. Setzen Sie das Passwort erneut zur&uuml;ck!</div>|***|error';
+exit;
+}elseif(sha1($code) != $row['passwortcode']) {
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der &uuml;bergebene Code war ung&uuml;ltig.<br>Stellen Sie sicher, dass Sie den genauen Link in der URL aufrufen.</div>|***|error';
+exit;
+}elseif ($password_new1 != $password_new2) {
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Das neue Passwort stimmt nicht mit der Wiederholung &uuml;berein!</div>|***|error';
+exit;
+}elseif (strlen($password_new1) < 8) {
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Das neue Passwort muss mindestens 8 Zeichen haben!</div>|***|error';
+exit;
+}else{
+$password_md5 = md5($password_new1);
+$update = $db->query("UPDATE admin
+SET passwort ='$password_md5'
+,passwortcode = NULL
+,passwortcode_time = NULL
+WHERE VAID=$vaid
+");
+if (!$update) {
+echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es liegt ein Fehler in der Datenbank vor!</div>|***|error';
+exit;
+}else{
+echo '<div class="alert alert-success"><i class="fa fa-fw fa-thumbs-up"></i> Das Passwort wurde geändert!</div>|***|success';
+exit;
+}
+
+}
 }
 
 
 */
-?>
+?>
\ No newline at end of file
diff --git a/controller/func_ldap_connect.php b/controller/func_ldap_connect.php
new file mode 100644
index 0000000..ce7c1c2
--- /dev/null
+++ b/controller/func_ldap_connect.php
@@ -0,0 +1,77 @@
+ <?php
+
+function hsnet($user, $password)
+{
+    $db             = dbconnect();
+    $query_ldapuser = $db->query("SELECT wert1, wert2 FROM parameter WHERE pid='13'");
+    $row_ldapuser   = $query_ldapuser->fetch_array();
+    #hsnet
+    $ds             = @ldap_connect("141.10.128.30", "389");
+    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1);
+    
+    # bind wird benötigt, sonst werden die Umlaute bei Namen  nicht richtig angezeigt ?!!?
+    $r = @ldap_bind($ds, $row_ldapuser['wert1'], $row_ldapuser['wert2']);
+    if ($r) {
+        $_ldap_dn = "ou=OUHochschulnetzwerk,dc=hsnet,dc=hs-ludwigsburg,dc=de";
+        $sr       = @ldap_search($ds, $_ldap_dn, "samaccountname=$user");
+        $info     = @ldap_get_entries($ds, $sr);
+        $anzahl   = ldap_count_entries($ds, $sr);
+        
+        if ($anzahl > 0) {
+            $first             = ldap_first_entry($ds, $sr);
+            $distinguishedName = ldap_get_dn($ds, $first);
+            if (@ldap_bind($ds, $distinguishedName, $password)) {
+                ldap_close($ds);
+                return TRUE;
+            } else {
+                ldap_close($ds);
+                return false;
+            }
+        } else {
+            ldap_close($ds);
+            return false;
+        }
+    } else {
+        ldap_close($ds);
+        return false;
+    }
+    
+}
+
+
+function studnet($user, $password)
+{
+    $db             = dbconnect();
+    $query_ldapuser = $db->query("SELECT wert1, wert2 FROM parameter WHERE pid='13'");
+    $row_ldapuser   = $query_ldapuser->fetch_array();
+    # Studnet  
+    $ds             = ldap_connect("141.10.144.37", "389");
+    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1);
+    $r = @ldap_bind($ds, $row_ldapuser['wert1'], $row_ldapuser['wert2']);
+    if ($r) {
+        $_ldap_dn = "ou=ouStudnet,dc=studnet,dc=hs-ludwigsburg,dc=de";
+        $sr       = @ldap_search($ds, $_ldap_dn, "samaccountname=$user");
+        $info     = @ldap_get_entries($ds, $sr);
+        $anzahl   = ldap_count_entries($ds, $sr);
+        if ($anzahl > 0) {
+            $first             = ldap_first_entry($ds, $sr);
+            $distinguishedName = ldap_get_dn($ds, $first);
+            if (@ldap_bind($ds, $distinguishedName, $password)) {
+                ldap_close($ds);
+                return true;
+            } else {
+                ldap_close($ds);
+                return false;
+            }
+        } else {
+            ldap_close($ds);
+            return false;
+        }
+    } else {
+        ldap_close($ds);
+        return false;
+    }
+}
+?>
\ No newline at end of file
diff --git a/html/login.html b/html/login.html
index bca478e..0ed97cd 100644
--- a/html/login.html
+++ b/html/login.html
@@ -53,7 +53,7 @@
       <script src="../assets/js/config.js"></script>
       <script>
          $(function() {
-          $("#mail").focus();
+          $("#user").focus();
          });
 
          $(document).ready(function(){
@@ -70,7 +70,6 @@
    <body>
       <!-- Content -->
       <!--Anwendung-->
-      TEST
       <script src="../js/components/admin_login.js"></script>
       <div class="container-xxl">
          <div class="authentication-wrapper authentication-basic container-p-y">
@@ -85,14 +84,14 @@
                      <!-- /Logo -->
                      <p class="mb-4">{$index_list}</p>
                      <div class="mb-3">
-                        <label for="email" class="form-label">Mailadresse</label>
+                        <label for="user" class="form-label">Username</label>
                         <input
-                           type="email"
+                           type="text"
                            onkeydown="keysave(this)"
                            class="form-control"
-                           id="mail"
-                           name="mail"
-                           placeholder="Mailadresse"
+                           id="user"
+                           name="user"
+                           placeholder="Username"
                            autofocus
                            />
                      </div>
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..ad14005
--- /dev/null
+++ b/index.php
@@ -0,0 +1,3 @@
+<?php
+header("location:./php/login.php");
+?>
\ No newline at end of file
diff --git a/js/components/admin_login.js b/js/components/admin_login.js
index 494888b..65eda11 100644
--- a/js/components/admin_login.js
+++ b/js/components/admin_login.js
@@ -1,5 +1,5 @@
 function login(){
-  var mail = document.getElementById("mail").value;
+  var user = document.getElementById("user").value;
   var password = document.getElementById("password").value;
 //  var angemeldet_bleiben = document.getElementById("angemeldet_bleiben");
 
@@ -14,14 +14,14 @@ function login(){
             url: '../controller/admin_login.php',
             data: {
                 'function': 'login',
-                'mail': mail,
+                'user': user,
                 'password': password
             },
             success: function(result) { //we got the response
               if(result!=''){
                 var a = result.split('|***|');
                 if(a[1]=="success"){
-                  document.getElementById("mail").value ="";
+                  document.getElementById("user").value ="";
                   document.getElementById("password").value ="";
                   $('#msg').show().delay(1000).fadeOut(500);
                   $('#msg').html(a[0]);
diff --git a/php/login.php b/php/login.php
index 5a98d87..4ca5891 100644
--- a/php/login.php
+++ b/php/login.php
@@ -1,15 +1,11 @@
 <?php
 ## INDEX gegen DB
 if(!isset($_SESSION)) { session_start(); }
-
-require '../vendor/autoload.php';
-use Smarty\Smarty;
-$smarty = new Smarty();
-$smarty->setTemplateDir('../html')
-       ->setCompileDir('../smarty_tmp/templates_c')
-       ->setCacheDir('../smarty_tmp/cache');
+include_once '../config/smarty.php';
+$smarty = new SmartyAdmin();
 require_once("../config/datenbankanbindung.php");
 $templatename = substr(basename($_SERVER['PHP_SELF']),0,-3)."html";
 
+
 $smarty->display("$templatename");
 ?>
diff --git a/smarty_tmp/templates_c/f9e2b78800181bf212fe0ef2309814fa6ee1285d_0.file_login.html.php b/smarty_tmp/templates_c/f9e2b78800181bf212fe0ef2309814fa6ee1285d_0.file_login.html.php
deleted file mode 100644
index e5b50c0..0000000
--- a/smarty_tmp/templates_c/f9e2b78800181bf212fe0ef2309814fa6ee1285d_0.file_login.html.php
+++ /dev/null
@@ -1,235 +0,0 @@
-<?php
-/* Smarty version 5.0.0-rc1, created on 2023-11-03 10:08:07
-  from 'file:login.html' */
-
-/* @var \Smarty\Template $_smarty_tpl */
-if ($_smarty_tpl->getCompiled()->isFresh($_smarty_tpl, array (
-  'version' => '5.0.0-rc1',
-  'unifunc' => 'content_6544b87728a874_63054470',
-  'has_nocache_code' => false,
-  'file_dependency' => 
-  array (
-    'f9e2b78800181bf212fe0ef2309814fa6ee1285d' => 
-    array (
-      0 => 'login.html',
-      1 => 1699002485,
-      2 => 'file',
-    ),
-  ),
-  'includes' => 
-  array (
-  ),
-))) {
-function content_6544b87728a874_63054470 (\Smarty\Template $_smarty_tpl) {
-$_smarty_current_dir = 'C:\\xampp_8.2.4\\htdocs\\kurs\\login\\html';
-?><!DOCTYPE html>
-<html
-   lang="en"
-   class="light-style customizer-hide"
-   dir="ltr"
-   data-theme="theme-default"
-   data-assets-path="../assets/"
-   data-template="vertical-menu-template-free"
-   >
-   <head>
-      <meta charset="utf-8" />
-      <meta
-         name="viewport"
-         content="width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0"
-         />
-      <title>Login Anmeldesysteme</title>
-      <meta name="description" content="" />
-      <!-- Favicon -->
-      <link rel="icon" type="image/x-icon" href="../assets/img/favicon/favicon.ico" />
-      <!-- Fonts
-         <link rel="preconnect" href="https://fonts.googleapis.com" />
-         <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
-         -->
-      <link
-         href="../assets/css/google.css"
-         rel="stylesheet"
-         />
-      <!-- data Table: https://datatables.net/ -->
-      <?php echo '<script'; ?>
- src="../jquery/jquery-3.4.1.min.js"><?php echo '</script'; ?>
->
-      <link href="../bootstrap/data-table/datatables.min.css" rel="stylesheet"/>
-      <?php echo '<script'; ?>
- src="../bootstrap/data-table/datatables.min.js"><?php echo '</script'; ?>
->
-      <?php echo '<script'; ?>
- type="text/javascript" src="../bootstrap/data-table/moment.mon.js"><?php echo '</script'; ?>
->
-      <?php echo '<script'; ?>
- type="text/javascript" src="../bootstrap/data-table/datetime-moment.js"><?php echo '</script'; ?>
->
-      <!-- Icons. Uncomment required icon fonts -->
-      <link rel="stylesheet" href="../assets/vendor/fonts/boxicons.css" />
-      <?php echo '<script'; ?>
- src="../js/all.js" crossorigin="anonymous"><?php echo '</script'; ?>
->
-      <!-- Core CSS -->
-      <link rel="stylesheet" href="../assets/vendor/css/core.css" class="template-customizer-core-css" />
-      <link rel="stylesheet" href="../assets/vendor/css/theme-default.css" class="template-customizer-theme-css" />
-      <link rel="stylesheet" href="../assets/css/demo.css" />
-      <!-- Vendors CSS -->
-      <link rel="stylesheet" href="../assets/vendor/libs/perfect-scrollbar/perfect-scrollbar.css" />
-      <!-- Page CSS -->
-      <!-- Page -->
-      <link rel="stylesheet" href="../assets/vendor/css/pages/page-auth.css" />
-      <!-- Helpers -->
-
-      <link href="../bootstrap/node_modules/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
-      <?php echo '<script'; ?>
- src="../bootstrap/node_modules/bootstrap/dist/js/bootstrap.bundle.min.js"><?php echo '</script'; ?>
->
-      <?php echo '<script'; ?>
- src="../assets/vendor/js/helpers.js"><?php echo '</script'; ?>
->
-      <!--! Template customizer & Theme config files MUST be included after core stylesheets and helpers.js in the <head> section -->
-      <!--? Config:  Mandatory theme config file contain global vars & default theme options, Set your preferred theme option in this file.  -->
-      <?php echo '<script'; ?>
- src="../assets/js/config.js"><?php echo '</script'; ?>
->
-      <?php echo '<script'; ?>
->
-         $(function() {
-          $("#mail").focus();
-         });
-
-         $(document).ready(function(){
-         $('[data-toggle="popover"]').popover();
-         $
-         });
-      <?php echo '</script'; ?>
->
-      <style>
-        .app-brand {
-          line-height: 2;
-        }
-      </style>
-   </head>
-   <body>
-      <!-- Content -->
-      <!--Anwendung-->
-      TEST
-      <?php echo '<script'; ?>
- src="../js/components/admin_login.js"><?php echo '</script'; ?>
->
-      <div class="container-xxl">
-         <div class="authentication-wrapper authentication-basic container-p-y">
-            <div class="authentication-inner">
-               <!-- Register -->
-               <div class="card">
-                  <div class="card-body">
-                     <!-- Logo -->
-                     <div class="app-brand justify-content-center">
-                        <span class="app-brand-text demo text-body fw-bolder">Login Anmeldesysteme</span>
-                     </div>
-                     <!-- /Logo -->
-                     <p class="mb-4"><?php echo $_smarty_tpl->getValue('index_list');?>
-</p>
-                     <div class="mb-3">
-                        <label for="email" class="form-label">Mailadresse</label>
-                        <input
-                           type="email"
-                           onkeydown="keysave(this)"
-                           class="form-control"
-                           id="mail"
-                           name="mail"
-                           placeholder="Mailadresse"
-                           autofocus
-                           />
-                     </div>
-                     <div class="mb-3 form-password-toggle">
-                        <div class="d-flex justify-content-between">
-                           <label class="form-label" for="password">Password</label>
-                        </div>
-                        <div class="input-group input-group-merge">
-                           <input
-                              type="password"
-                              onkeydown="keysave(this)"
-                              id="password"
-                              class="form-control"
-                              name="password"
-                              placeholder="Passwort"
-                              aria-describedby="password"
-                              />
-                           <span class="input-group-text cursor-pointer"><i class="bx bx-hide"></i></span>
-                        </div>
-                     </div>
-                     <div class="d-flex align-items-center justify-content-between mt-4 mb-0">
-                        <!--<a class="small" href="password.html">Forgot Password?</a>-->
-                        <!--
-                        <label><input type="checkbox" name="angemeldet_bleiben" id="angemeldet_bleiben" value="1">
-                        <a href="javascript:void(0)" type="button" class="link-secondary" data-bs-toggle="popover" data-bs-html="true"  data-bs-trigger="hover focus"
-                           title="Angemeldet bleiben"
-                           data-bs-content="Durch das Markieren dieses Feldes wird beim n&auml;chsten Besuch die Anmeldemaske nicht erscheinen.<br>
-                           <b>Die Anwendung speichert lokal Cookies in Ihrem Browser.</b><br>
-                           Sobald Sie in der Anwendung einen Logout machen, werden die Cookies gel&ouml;scht und ein Login ist wieder erforderlich.">
-                        Angemeldet bleiben
-                        </a>
-                        </label>
-                        &nbsp;
-                        -->
-                        <a class="link-secondary text-decoration-none" href="passwortvergessen.php">Passwort vergessen</a>
-                     </div>
-                     <br>
-                     <div class="mb-3">
-                        <input type='submit' class="btn btn-primary d-grid w-100" onclick="login();" name='senden' value="Login">
-                     </div>
-                     <div id="msg"></div>
-                  </div>
-               </div>
-            </div>
-         </div>
-      </div>
-      <!-- / Content -->
-      <!-- Core JS -->
-      <!-- build:js assets/vendor/js/core.js -->
-      <?php echo '<script'; ?>
- src="../assets/vendor/libs/popper/popper.js"><?php echo '</script'; ?>
->
-      <?php echo '<script'; ?>
- src="../assets/vendor/js/bootstrap.js"><?php echo '</script'; ?>
->
-      <?php echo '<script'; ?>
- src="../assets/vendor/libs/perfect-scrollbar/perfect-scrollbar.js"><?php echo '</script'; ?>
->
-      <?php echo '<script'; ?>
- src="../assets/vendor/js/menu.js"><?php echo '</script'; ?>
->
-      <!-- endbuild -->
-      <!-- Vendors JS -->
-      <!-- Main JS -->
-      <?php echo '<script'; ?>
- src="../assets/js/main.js"><?php echo '</script'; ?>
->
-      <!-- Page JS -->
-      <?php echo '<script'; ?>
->
-         var popoverTriggerList = [].slice.call(document.querySelectorAll('[data-bs-toggle="popover"]'))
-         var popoverList = popoverTriggerList.map(function (popoverTriggerEl) {
-           return new bootstrap.Popover(popoverTriggerEl)
-         })
-      <?php echo '</script'; ?>
->
-      <!-- Place this tag in your head or just before your close body tag. -->
-      <?php echo '<script'; ?>
- async defer src="../assets/js/buttons.js"><?php echo '</script'; ?>
->
-   </body>
-   
-   <?php echo '<script'; ?>
- type="text/javascript">
-      function keysave(ele) {
-      if(event.key === 'Enter') {
-      login();
-      }
-      }
-   <?php echo '</script'; ?>
->
-   
-</html>
-<?php }
-}