armeech-neptune/backend/login.php

<?php
session_start();

if (isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true) {
    header('Location: /');
    exit;
}

$error = '';
$success = '';

// Detect the correct callback URL
$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$host = $_SERVER['HTTP_HOST'] ?? 'localhost:8080';
// If no port in host and not standard port, add it
if (strpos($host, ':') === false && !in_array($_SERVER['SERVER_PORT'] ?? 80, [80, 443])) {
    $host .= ':' . $_SERVER['SERVER_PORT'];
}
$callbackUrl = "$scheme://$host/login.php";

if (isset($_GET['auth'])) {
    $auth_token = $_GET['auth'];
    $check_url = "https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=" . urlencode($auth_token);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $check_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    $response = curl_exec($ch);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    if ($http_code !== 200 || !$response) {
        $error = 'Failed to contact authentication server.';
    } else {
        $data = json_decode($response, true);
        if (isset($data['status']) && $data['status'] === 'success') {
            $user_token = $data['user_token'];
            $username = $data['username'];
            $email = $data['email'] ?? '';

            require_once __DIR__ . '/config/database.php';
            $db = getDbConnection();

            // Check if user exists in our db
            $stmt = $db->prepare("SELECT * FROM neptune_users WHERE user_token = ?");
            $stmt->execute([$user_token]);
            $user = $stmt->fetch();

            if ($user) {
                $_SESSION['neptune_loggedin'] = true;
                $_SESSION['neptune_user_token'] = $user['user_token'];
                $_SESSION['neptune_username'] = $user['username'];
                $_SESSION['neptune_role'] = $user['role'];
                header('Location: /');
                exit;
            } else {
                // First user becomes admin
                $count = $db->query("SELECT COUNT(*) as c FROM neptune_users")->fetch()['c'];
                $role = ($count == 0) ? 'admin' : 'user';

                $stmt = $db->prepare("INSERT INTO neptune_users (user_token, username, email, role) VALUES (?, ?, ?, ?)");
                $stmt->execute([$user_token, $username, $email, $role]);

                $_SESSION['neptune_loggedin'] = true;
                $_SESSION['neptune_user_token'] = $user_token;
                $_SESSION['neptune_username'] = $username;
                $_SESSION['neptune_role'] = $role;
                header('Location: /');
                exit;
            }
        } else {
            $error = 'Authentication failed: ' . ($data['msg'] ?? 'unknown error');
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en" data-bs-theme="dark">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Neptune - Login</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
    <link href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.5.1/css/all.min.css" rel="stylesheet">
    <style>
        body { background: #0a0e1a; display: flex; align-items: center; justify-content: center; min-height: 100vh; }
        .login-card { background: #131a2b; border: 1px solid #1e2a45; border-radius: .75rem; padding: 2.5rem; max-width: 420px; width: 100%; }
        .login-card h1 { font-size: 1.5rem; }
        .login-card p { color: #64748b; font-size: .9rem; }
        .btn-jakach { background: #3b82f6; color: #fff; }
        .btn-jakach:hover { background: #2563eb; color: #fff; }
    </style>
</head>
<body>
    <div class="login-card text-center">
        <i class="fas fa-globe text-primary mb-3" style="font-size: 2.5rem;"></i>
        <h1 class="fw-bold mb-1">Neptune</h1>
        <p class="mb-4">Cybersecurity Incident Journal</p>

        <?php if ($error): ?>
            <div class="alert alert-danger py-2 small"><?= htmlspecialchars($error) ?></div>
        <?php endif; ?>
        <?php if ($success): ?>
            <div class="alert alert-success py-2 small"><?= htmlspecialchars($success) ?></div>
        <?php endif; ?>

        <a href="https://auth.jakach.ch/?send_to=<?= urlencode($callbackUrl) ?>" class="btn btn-jakach w-100 py-2 mb-2">
            <i class="fas fa-right-to-bracket me-2"></i>Log in with Jakach Auth
        </a>
        <small class="text-secondary">First user automatically becomes admin</small>
    </div>
</body>
</html>