admin page has login

admin.php

@@ -0,0 +1,74 @@
+<?php
+
+$raw_json_config = file_get_contents("data/config.json");
+$config_data = json_decode($raw_json_config, false);
+
+?>
+
+<html>
+<head>
+	<title><?php print("Admin ".($config_data->title ?? "One Word Each")); ?></title>
+	<link rel="stylesheet" href="style.css">
+	<link rel="icon" href="<?php print($config_data->logo->icon_path ?? "favicon.ico"); ?>" type="image/x-icon">
+</head>
+
+<body>
+	<?php
+	
+	if (file_exists('data/admin_pwd')):
+		$token = $_COOKIE['owe_admin'];
+		$pwd=base64_decode($token);
+		
+		if (password_verify($pwd, file_get_contents('data/admin_pwd'))) {
+			$login = true;
+		} else {
+			// either cookie didn't exist or is wrong
+		}
+	else:
+	?>
+	
+	Du kannst Admin werden.
+	<form action="./admin.php" method="post">
+	<label>Passwort: <input type="password" required name="set_pwd" style="font-size: xx-large; border: 2px solid white;"></label>
+	<button>Registrieren</button>
+	</form>
+	
+	<?php
+	
+	if (null !== $_POST['set_pwd']) {
+		$pwd = $_POST['set_pwd'];
+		file_put_contents('data/admin_pwd', password_hash($pwd, PASSWORD_DEFAULT));
+		setcookie('owe_admin', base64_encode($pwd), ['httponly' => true]);
+		header('location: admin.php');
+	}
+		
+	endif;
+	
+	if ($login):
+	?>
+	
+	Du bist angemeldet.
+	
+	<?php elseif (file_exists('data/admin_pwd')): ?>
+	
+	Anmelden<br>
+	<form action="./admin.php" method="post">
+	<label>Passwort: <input type="password" required name="pwd" style="font-size: xx-large; border: 2px solid white;"></label>
+	<button>Anmelden</button>
+	</form>
+	
+	<?php
+	if (null !== $_POST['pwd']) {
+		$pwd = $_POST['pwd'];
+		if (password_verify($pwd, file_get_contents('data/admin_pwd'))) {
+			setcookie('owe_admin', base64_encode($pwd), ['httponly' => true]);
+			header('location: admin.php');
+		} else {
+			print("Nope, falsch");
+		}
+	}
+	
+	endif; ?>
+	</p>
+</body>
+</html>