DevWeb/login.php

<?php
session_start();
require_once 'db_config.php'; 

$msg = "";

// Vérification Login
if (isset($_POST['username'])) {
    if ($_POST['username'] == $admin_user && $_POST['password'] == $admin_pass) {
        $_SESSION['logged_in'] = true;
    } else {
        $msg = "Identifiants incorrects.";
    }
}

if (isset($_GET['logout'])) {
    session_destroy();
    header("Location: login.php");
    exit();
}
?>

<!DOCTYPE html>
<html>
<head><title>Admin Login</title></head>
<body style="font-family:sans-serif; padding:20px; text-align:center;">

<a href="index.php">Retour au Forum</a>

<?php if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true): ?>

    <div style="border: 2px solid green; padding: 20px; margin-top:20px; background: #dff0d8;">
        <h2>Félicitations !</h2>
        <p>Voici le flag du challenge Web :</p>
        <h1 style="color:crimson;"><?php echo $flag_dev_web; ?></h1>
        <br>
        <a href="login.php?logout=true">Déconnexion</a>
    </div>

<?php else: ?>

    <h2>Espace Administration</h2>
    <?php if($msg) echo "<p style='color:red'>$msg</p>"; ?>
    <form method="post" style="border:1px solid #ccc; display:inline-block; padding:20px;">
        User: <input type="text" name="username"><br><br>
        Pass: <input type="password" name="password"><br><br>
        <input type="submit" value="Se connecter">
    </form>

<?php endif; ?>

</body>
</html>