Confusão
Você consegue fazer login sem precisar adivinhar o nome de usuário e senha?
<!-- Arquivo: index.html -->
<!DOCTYPE html>
<html>
<head>
<title>Admin panel | TestSite</title>
<meta charset="utf-8" />
</head>
<body lang="en-US">
<h1>Login to administrator panel</h1>
<form id="login-form" method="POST" action="./login.php">
<p>
<label for="username">Username:</label>
<input
type="text"
id="username"
name="username"
placehoder="myuser123"
/>
</p>
<p>
<label for="password">Password:</label>
<input
type="password"
id="password"
name="password"
/>
</p>
<input type="submit" value="Login" />
</form>
<div id="message"></div>
<script>
const form = document.getElementById('login-form');
form.addEventListener('submit', async (e) => {
e.preventDefault();
const userElem = document.getElementById('username');
const passElem = document.getElementById('password');
const response = await fetch('./login.php', {
method: 'POST',
body: JSON.stringify({
'username': userElem.value,
'password': passElem.value,
}),
});
const responseData = await response.json();
const msgElem = document.getElementById('message');
msgElem.textContent = responseData.message;
});
</script>
</body>
</html><?php
// Arquivo: login.php
header('Content-Type: application/json');
$requestBody = json_decode(
file_get_contents('php://input'),
true,
);
if (
$requestBody['username'] == getenv('ADMIN_USER')
&& $requestBody['password'] == getenv('ADMIN_PASS')
) {
echo json_encode([
'message' => 'Login successful!',
'access_token' => '...',
'expires_in' => '...',
]);
return;
}
echo json_encode([
'message' => 'Login failed!',
]);
http_response_code(403);