From 0b5987a85884ef9df7f164ba4af64856a6374323 Mon Sep 17 00:00:00 2001
From: Chris Smith <chris@cgsmith.net>
Date: Fri, 15 Mar 2019 21:04:58 -0500
Subject: [PATCH] Admin page adjustment

---
 index.php             | 25 +++++++++++++++++++++++++
 views/admin-login.php | 17 +++++++++++++++++
 views/admin.php       |  2 +-
 3 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 views/admin-login.php

diff --git a/index.php b/index.php
index f23f2ab..b73fafa 100644
--- a/index.php
+++ b/index.php
@@ -39,6 +39,31 @@ $router->set404(function () {
     echo '404, route not found!';
 });
 
+
+$router->before('GET|POST', '/admin/.*', function() {
+    session_start();
+    if (!isset($_SESSION['user'])) {
+        header('location: /auth/login');
+        exit();
+    }
+});
+
+$router->get('/auth/login', function() {
+    include 'views/common/head.php';
+    include 'views/admin-login.php';
+    include 'views/common/footer.php';
+});
+
+$router->post('/auth/login', function() {
+    if (($_POST['username'] == $_SERVER['ADMIN_USER']) && ($_POST['password'] == $_SERVER['ADMIN_PASS'])) {
+        session_start();
+        $_SESSION['user'] = $_POST['username'];
+        header('Location: /admin/orders');
+    }else{
+        header('Location: /auth/login?alert=error');
+    }
+});
+
 // Static route: / (homepage)
 $router->get('/', function () {
     $settings = \RedBeanPHP\R::load('settings', 1);
diff --git a/views/admin-login.php b/views/admin-login.php
new file mode 100644
index 0000000..e8e3de9
--- /dev/null
+++ b/views/admin-login.php
@@ -0,0 +1,17 @@
+<h1>Admin Login</h1>
+
+<div class="row">
+    <form method="POST">
+        <div class="input-group form-group">
+            <input type="text" name="username" class="form-control" placeholder="username">
+        </div>
+        <div class="input-group form-group">
+            <input type="password" name="password" class="form-control" placeholder="password">
+        </div>
+        <div class="form-group">
+            <input type="submit" value="Login" class="btn btn-primary">
+        </div>
+    </form>
+    <br/>
+    <br/>
+</div>
\ No newline at end of file
diff --git a/views/admin.php b/views/admin.php
index 3ec3a05..38da97b 100644
--- a/views/admin.php
+++ b/views/admin.php
@@ -1,6 +1,6 @@
 <div class="row">
     <div class="col-md-12 order-md-1">
-        <h3 class="mb-3">Orders <a href="/admin/orders/export" class="btn btn-primary">Order Export</a><a href="/admin/guests/export" class="btn btn-primary">Guest Export</a></h3>
+        <h3 class="mb-3">Orders <a href="/admin/orders/export" class="btn btn-primary">Order Export</a>&nbsp;<a href="/admin/guests/export" class="btn btn-primary">Guest Export</a></h3>
         <table class="table table-striped">
             <thead>
             <tr>