SAE_web/account/login/login.php

<?php
require_once ($_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php');

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $email = htmlspecialchars($_POST["email"]);
    $password = htmlspecialchars($_POST["password"]);
}
?>


<?php
/*
if (isset($_COOKIE["savemdp"])) {
    $savemdp = $_COOKIE["savemdp"];
} else {
    $savemdp = null;

    setcookie("savemdp", $savemdp, time() + 3600);
}*/
?>

/*
hasher le mdp
- check la validité du combo mail + mdp (qui es thashé sur la bdd)
- si valide, on enregistre un cookie avec mail, nom, prénom, rôle (requete sql pour les obtenir)
- créer un cookie avec mail, nom, prénom, rôle. Qui expire dans 1h
une fois bien connecté, on redirige vers /account/profile
*/
<html>

<head>
    <meta charset="UTF-8" />
</head>

<body container>
    <form method="POST" action="https://but.lbalocchi.fr/account/login">
        <?php
        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
        $resultat = mysqli_query($db, "SELECT mail, password 
                                           FROM user 
                                           WHERE mail = $email AND password = $hashedPassword");
        echo "adresse mail : " . $email . "<br>";
        echo "mot de passe : " . $password . "<br>";
        /*test loris*/
        $query = "SELECT mail, password                           FROM user 
                      WHERE mail = '$email'";
        $result = mysqli_query($db, $query);

        if (!$result) {
            die("Erreur lors de l'exécution de la requête.");
        }

        $row = mysqli_fetch_assoc($result);
        $storedPassword = $row['password'];

        if (password_verify($password, $storedPassword)) {
            // Authentication successful
            // Set the necessary cookies and redirect to /account/profile
            // ...
        } else {
            die("Combinaison email/mot de passe incorrecte.");
        }
        ?>

        Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that
        corresponds to
        your MariaDB server version for the right syntax to use near '@fesse.fr AND password =
        $2y$10$whzDnlmJvcSJdXqkr7SoAu5B7gmxJgcVPNT3Nr9oAPMAd...' at line 3 in
        C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php:28 Stack trace: #0
        C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php(28): mysqli_query(Object(mysqli), 'SELECT
        mail,
        pa...') #1 {main} thrown in C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php on line 28
Modification des include header/footer. début de login fonctionnel Co-authored-by: Charpentier Juliette <juliette.charpentier1@etu.u-pec.fr> 2024-06-09 17:07:43 +02:00			`<?php`
			`require_once ($_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php');`

			`if ($_SERVER["REQUEST_METHOD"] == "POST") {`
			`$email = htmlspecialchars($_POST["email"]);`
			`$password = htmlspecialchars($_POST["password"]);`
			`}`
fix: update login/register links in login page The login page has been updated to fix the broken links for creating a new account and logging in. The links now correctly point to the register and login pages in the account directory. Co-authored-by: Charpentier Juliette <juliette.charpentier1@etu.u-pec.fr> 2024-06-10 16:24:30 +02:00			`?>`
Modification des include header/footer. début de login fonctionnel Co-authored-by: Charpentier Juliette <juliette.charpentier1@etu.u-pec.fr> 2024-06-09 17:07:43 +02:00

fix: update login/register links in login page The login page has been updated to fix the broken links for creating a new account and logging in. The links now correctly point to the register and login pages in the account directory. Co-authored-by: Charpentier Juliette <juliette.charpentier1@etu.u-pec.fr> 2024-06-10 16:24:30 +02:00			`<?php`
			`/*`
			`if (isset($_COOKIE["savemdp"])) {`
			`$savemdp = $_COOKIE["savemdp"];`
			`} else {`
			`$savemdp = null;`

			`setcookie("savemdp", $savemdp, time() + 3600);`
			`}*/`
			`?>`

			`/*`
			`hasher le mdp`
			`- check la validité du combo mail + mdp (qui es thashé sur la bdd)`
			`- si valide, on enregistre un cookie avec mail, nom, prénom, rôle (requete sql pour les obtenir)`
			`- créer un cookie avec mail, nom, prénom, rôle. Qui expire dans 1h`
			`une fois bien connecté, on redirige vers /account/profile`
			`*/`
			`<html>`

			`<head>`
			`<meta charset="UTF-8" />`
			`</head>`

			`<body container>`
			`<form method="POST" action="https://but.lbalocchi.fr/account/login">`
			`<?php`
			`$hashedPassword = password_hash($password, PASSWORD_DEFAULT);`
			`$resultat = mysqli_query($db, "SELECT mail, password`
			`FROM user`
			`WHERE mail = $email AND password = $hashedPassword");`
			`echo "adresse mail : " . $email . "<br>";`
			`echo "mot de passe : " . $password . "<br>";`
			`/test loris/`
			`$query = "SELECT mail, password FROM user`
			`WHERE mail = '$email'";`
			`$result = mysqli_query($db, $query);`

			`if (!$result) {`
			`die("Erreur lors de l'exécution de la requête.");`
			`}`

			`$row = mysqli_fetch_assoc($result);`
			`$storedPassword = $row['password'];`
Modification des include header/footer. début de login fonctionnel Co-authored-by: Charpentier Juliette <juliette.charpentier1@etu.u-pec.fr> 2024-06-09 17:07:43 +02:00
fix: update login/register links in login page The login page has been updated to fix the broken links for creating a new account and logging in. The links now correctly point to the register and login pages in the account directory. Co-authored-by: Charpentier Juliette <juliette.charpentier1@etu.u-pec.fr> 2024-06-10 16:24:30 +02:00			`if (password_verify($password, $storedPassword)) {`
			`// Authentication successful`
			`// Set the necessary cookies and redirect to /account/profile`
			`// ...`
			`} else {`
			`die("Combinaison email/mot de passe incorrecte.");`
			`}`
			`?>`
Modification des include header/footer. début de login fonctionnel Co-authored-by: Charpentier Juliette <juliette.charpentier1@etu.u-pec.fr> 2024-06-09 17:07:43 +02:00
fix: update login/register links in login page The login page has been updated to fix the broken links for creating a new account and logging in. The links now correctly point to the register and login pages in the account directory. Co-authored-by: Charpentier Juliette <juliette.charpentier1@etu.u-pec.fr> 2024-06-10 16:24:30 +02:00			`Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that`
			`corresponds to`
			`your MariaDB server version for the right syntax to use near '@fesse.fr AND password =`
			`$2y$10$whzDnlmJvcSJdXqkr7SoAu5B7gmxJgcVPNT3Nr9oAPMAd...' at line 3 in`
			`C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php:28 Stack trace: #0`
			`C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php(28): mysqli_query(Object(mysqli), 'SELECT`
			`mail,`
			`pa...') #1 {main} thrown in C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php on line 28`