Manager/pages/login.php

<?php
    $HTML = new HTML();
    $HTML->setHTMLTitle("Login");
    $HTML->importHTML("login.html");

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        include_once 'app/FormValidator.php';
        $validator = new FormValidator(array(
            'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'),
            'password' => array('required' => true, 'regex' => '/^.{1,1000}$/')
        ));
        
        if (!$validator->isValid($_POST)) {
            $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername (Vor- und Nachname) und Passwort ein.");
        } else {
            $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName,Email,UserLevel,passwordHash,passwordSalt FROM UserAccounts JOIN auth ON UserAccounts.PrincipalID = auth.UUID WHERE FirstName = ? AND LastName = ? LIMIT 1");
            $statementUser->execute(explode(" ", trim($_POST['username'])));
            $res = ['passwordHash' => '', 'passwordSalt' => ''];

            if ($rowUser = $statementUser->fetch()) {
                $res = $rowUser;
            }

            if (hash_equals(md5(md5($_POST['password']).":".$res['passwordSalt']), $res['passwordHash'])) {
                session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
                $_SESSION['FIRSTNAME'] = $rowUser['FirstName'];
                $_SESSION['LASTNAME'] = $rowUser['LastName'];
                $_SESSION['EMAIL'] = $rowUser['Email'];
                $_SESSION['PASSWORD'] = $rowUser['passwordHash'];
                $_SESSION['SALT'] = $rowUser['passwordSalt'];
                $_SESSION['UUID'] = $rowUser['PrincipalID'];
                $_SESSION['LEVEL'] = $rowUser['UserLevel'];
                $_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']);
                $_SESSION['LOGIN'] = 'true';

                header("Location: index.php?page=dashboard");
                die();
            }

            $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Benutzername und/oder Passwort falsch.");
            $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username']));
        }
    } elseif (isset($_SESSION) && isset($_SESSION['loginMessage'])) {
        $HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']);
        $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']);
        unset($_SESSION['loginMessage']);
        unset($_SESSION['loginMessageColor']);
    }

    $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "");
    $HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "red");
    $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", "");

    $HTML->build();
    echo $HTML->ausgabe();