🔧 modification du login/register + implémentation du cookie de session
Co-authored-by: Charpentier Juliette <juliette.charpentier1@etu.u-pec.fr>
This commit is contained in:
parent
af3d102605
commit
0070f84ea4
@ -22,7 +22,7 @@
|
||||
<img src="https://cdn-icons-png.flaticon.com/512/4139/4139948.png" alt="Avatar">
|
||||
<h2 class="login-title">Connexion à votre compte</h2>
|
||||
<p class="login-subtitle">Connectez-vous afin d'accéder à l'entièreté du site.</p>
|
||||
<form action="login/login.php" method="post">
|
||||
<form action="/account/login/login.php" method="post">
|
||||
<div class="form-group">
|
||||
<label for="email">Adresse mail</label>
|
||||
<input type="email" id="email" name="email" placeholder="username@example.com" required placeholder=" ">
|
||||
@ -34,7 +34,7 @@
|
||||
|
||||
<div class="form-group forgot-password">
|
||||
</div>
|
||||
<button type="submit" class="submit-button" action="../../tools"><i class="fas fa-sign-in-alt"></i>
|
||||
<button type="submit" class="submit-button"><i class="fas fa-sign-in-alt"></i>
|
||||
Connexion</i></button>
|
||||
</form>
|
||||
<p class="no-account">Vous n'avez pas de compte ? <a href="../account/register">Créez un compte pour commencer
|
||||
|
@ -5,19 +5,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
$email = htmlspecialchars($_POST["email"]);
|
||||
$password = htmlspecialchars($_POST["password"]);
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
<?php
|
||||
/*
|
||||
if (isset($_COOKIE["savemdp"])) {
|
||||
$savemdp = $_COOKIE["savemdp"];
|
||||
} else {
|
||||
$savemdp = null;
|
||||
|
||||
setcookie("savemdp", $savemdp, time() + 3600);
|
||||
}*/
|
||||
?>
|
||||
|
||||
/*
|
||||
hasher le mdp
|
||||
@ -26,47 +13,81 @@ hasher le mdp
|
||||
- créer un cookie avec mail, nom, prénom, rôle. Qui expire dans 1h
|
||||
une fois bien connecté, on redirige vers /account/profile
|
||||
*/
|
||||
<html>
|
||||
?>
|
||||
<?php
|
||||
$hashedPassword = sha1($password);
|
||||
$resultat = mysqli_query($db, "SELECT *
|
||||
FROM user
|
||||
WHERE mail = $email AND password = $hashedPassword");
|
||||
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
</head>
|
||||
$query = "SELECT mail, password
|
||||
FROM user
|
||||
WHERE mail = '$email'";
|
||||
$result = mysqli_query($db, $query);
|
||||
|
||||
<body container>
|
||||
<form method="POST" action="https://but.lbalocchi.fr/account/login">
|
||||
<?php
|
||||
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
|
||||
$resultat = mysqli_query($db, "SELECT mail, password
|
||||
FROM user
|
||||
WHERE mail = $email AND password = $hashedPassword");
|
||||
echo "adresse mail : " . $email . "<br>";
|
||||
echo "mot de passe : " . $password . "<br>";
|
||||
/*test loris*/
|
||||
$query = "SELECT mail, password FROM user
|
||||
WHERE mail = '$email'";
|
||||
$result = mysqli_query($db, $query);
|
||||
if (!$result) {
|
||||
die("Erreur lors de l'exécution de la requête.");
|
||||
}
|
||||
|
||||
if (!$result) {
|
||||
die("Erreur lors de l'exécution de la requête.");
|
||||
}
|
||||
if (!$password) {
|
||||
die("Combinaison email/mot de passe incorrecte.");
|
||||
}
|
||||
if (!$email) {
|
||||
die("Combinaison email/mot de passe incorrecte.");
|
||||
} else {
|
||||
echo "<p>Connexion réussie</p>";
|
||||
|
||||
$row = mysqli_fetch_assoc($result);
|
||||
$storedPassword = $row['password'];
|
||||
// Requête pour récupérer les informations de l'utilisateur
|
||||
$query = "SELECT name, family_name, role FROM user WHERE mail = '$email'";
|
||||
$result = mysqli_query($db, $query);
|
||||
|
||||
if (password_verify($password, $storedPassword)) {
|
||||
// Authentication successful
|
||||
// Set the necessary cookies and redirect to /account/profile
|
||||
// ...
|
||||
} else {
|
||||
die("Combinaison email/mot de passe incorrecte.");
|
||||
}
|
||||
?>
|
||||
if (!$result) {
|
||||
die('Erreur de requête : ' . mysqli_error($db));
|
||||
}
|
||||
|
||||
Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that
|
||||
corresponds to
|
||||
your MariaDB server version for the right syntax to use near '@fesse.fr AND password =
|
||||
$2y$10$whzDnlmJvcSJdXqkr7SoAu5B7gmxJgcVPNT3Nr9oAPMAd...' at line 3 in
|
||||
C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php:28 Stack trace: #0
|
||||
C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php(28): mysqli_query(Object(mysqli), 'SELECT
|
||||
mail,
|
||||
pa...') #1 {main} thrown in C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php on line 28
|
||||
// Récupération des données
|
||||
if ($row = mysqli_fetch_assoc($result)) {
|
||||
$nameFetched = $row['name'];
|
||||
$familyNameFetched = $row['family_name'];
|
||||
$roleFetched = $row['role'];
|
||||
} else {
|
||||
echo "Aucun utilisateur trouvé avec cet email.";
|
||||
}
|
||||
|
||||
|
||||
$userData = array(
|
||||
"email" => $email,
|
||||
"name" => $nameFetched,
|
||||
"familyName" => $familyNameFetched,
|
||||
"role" => $roleFetched
|
||||
);
|
||||
|
||||
$userDataEncoded = json_encode($userData);
|
||||
|
||||
setcookie("userData", $userDataEncoded, time() + 3600, "/");
|
||||
|
||||
|
||||
if (isset($_COOKIE['userData'])) {
|
||||
$userDataEncoded = $_COOKIE['userData'];
|
||||
$userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
|
||||
|
||||
echo "Email : " . $userData['email'] . "<br>";
|
||||
echo "Prénom : " . $userData['name'] . "<br>";
|
||||
echo "Nom : " . $userData['familyName'] . "<br>";
|
||||
echo "Rôle : " . $userData['role'] . "<br>";
|
||||
} else {
|
||||
echo "Cookie 'userData' non trouvé.";
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
$newURL = "/account/profile";
|
||||
header("Location: " . $newURL);
|
||||
die();
|
||||
|
||||
|
||||
?>
|
@ -1,3 +1,26 @@
|
||||
<?php
|
||||
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
|
||||
header("Cache-Control: post-check=0, pre-check=0", false);
|
||||
header("Pragma: no-cache");
|
||||
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php';
|
||||
session_start();
|
||||
|
||||
if (isset($_COOKIE['userData'])) {
|
||||
$userDataEncoded = $_COOKIE['userData'];
|
||||
$userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
|
||||
|
||||
$email = $userData['email'];
|
||||
$name = $userData['name'];
|
||||
$familyName = $userData['familyName'];
|
||||
$role = $userData['role'];
|
||||
} else {
|
||||
echo "Cookie 'userData' non trouvé.";
|
||||
header("Location: /account/login");
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
|
||||
@ -11,14 +34,27 @@
|
||||
|
||||
<link rel="icon" type="image/png" sizes="32x32"
|
||||
href="https://tickets.paris2024.org/obj/media/FR-Paris2024/specialLogos/favicons/favicon-32x32.png" />
|
||||
<script src="https://kit.fontawesome.com/f16a36bad3.js" crossorigin="anonymous"></script>
|
||||
<script src="https://kit.fontawesome.com/f16a36bad3.js"
|
||||
crossorigin="anonymous">if (!document.cookie.includes("userData")) { window.location.href = '/account/login'; }</script>
|
||||
|
||||
<title>Mon profil | Jeux Olympiques - Paris 2024</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<?php include ($_SERVER['DOCUMENT_ROOT'] . '/views/header.php') ?>
|
||||
|
||||
<!-- code de la page ici -->
|
||||
<h1>Mon profil :</h1>
|
||||
<?php
|
||||
echo "<p class='text'>Email : " . $userData['email'] . "</p>";
|
||||
echo "<p class='text'>Prénom : " . $userData['name'] . "</p>";
|
||||
echo "<p class='text'>Nom : " . $userData['familyName'] . "</p>";
|
||||
echo "<p class='text'>Rôle : " . $userData['role'] . "</p>";
|
||||
|
||||
|
||||
?>
|
||||
<form action="/tools/logout.php" method="post">
|
||||
<button type="submit">Déconnexion</button>
|
||||
</form>
|
||||
|
||||
<?php include ($_SERVER['DOCUMENT_ROOT'] . '/views/footer.php') ?>
|
||||
</body>
|
||||
|
@ -29,7 +29,7 @@
|
||||
<img src="https://cdn-icons-png.flaticon.com/512/4139/4139948.png" alt="Avatar">
|
||||
<h2>Créer un compte</h2>
|
||||
<p>Créez un nouveau compte afin d'accéder à l'entièreté du site.</p>
|
||||
<form>
|
||||
<form action="register/register.php" method="post">
|
||||
<div class="form-group">
|
||||
<label for="name"><span style="color:red;"><abbr title="Requis">*</abbr></span> Prénom</label>
|
||||
<input type="text" id="name" name="name" placeholder="Jean" required placeholder=" ">
|
||||
@ -50,7 +50,7 @@
|
||||
|
||||
<div class="form-group">
|
||||
<label for="code-role">Code rôle :</label>
|
||||
<input type="text" id="code-role" name="code-role" placeholder="M25QP" placeholder=" ">
|
||||
<input type="text" id="code-role" name="code-role" placeholder="A69DP" placeholder=" ">
|
||||
</div>
|
||||
|
||||
<button type="submit" class="submit-button"><i class="fas fa-sign-in-alt"></i>
|
||||
|
@ -1,5 +1,6 @@
|
||||
<?php
|
||||
require_once ($_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php');
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php';
|
||||
|
||||
/*
|
||||
- prénom, nom, mail, mdp, code rôle
|
||||
- vérifier que le mail n'existe pas déjà
|
||||
@ -8,40 +9,113 @@ require_once ($_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php');
|
||||
- enregistrer le nouvel utilisateur dans la bdd
|
||||
- créer un cookie avec mail, nom, prénom, rôle. Qui expire dans 1h
|
||||
*/
|
||||
|
||||
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
$name = htmlspecialchars($_POST["name"]);
|
||||
$familyName = htmlspecialchars($_POST["family-name"]);
|
||||
$email = htmlspecialchars($_POST["email"]);
|
||||
$password = htmlspecialchars($_POST["password"]);
|
||||
$codeRole = htmlspecialchars($_POST["code-role"]);
|
||||
}
|
||||
|
||||
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
|
||||
|
||||
$query = "SELECT mail FROM user WHERE mail = '$email'";
|
||||
$result = mysqli_query($db, $query);
|
||||
|
||||
if (!$result) {
|
||||
die("Erreur lors de l'exécution de la requête.");
|
||||
}
|
||||
|
||||
$row = mysqli_fetch_assoc($result);
|
||||
|
||||
if ($row) {
|
||||
die("Un utilisateur avec cette adresse mail existe déjà.");
|
||||
}
|
||||
|
||||
if ($codeRole == "M25QP") {
|
||||
$role = "admin";
|
||||
} else if ($codeRole == "TF53K") {
|
||||
$role = "sportif";
|
||||
} else if ($codeRole == "VJC6V") {
|
||||
$role = "organisateur";
|
||||
} else {
|
||||
$role = "member";
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<link rel="stylesheet" href="../../styles/main.css" />
|
||||
<link rel="stylesheet" href="../../styles/header.css" />
|
||||
<link rel="stylesheet" href="../../styles/footer.css" />
|
||||
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" rel="stylesheet" />
|
||||
|
||||
<link rel="icon" type="image/png" sizes="32x32"
|
||||
href="https://tickets.paris2024.org/obj/media/FR-Paris2024/specialLogos/favicons/favicon-32x32.png" />
|
||||
<script src="https://kit.fontawesome.com/f16a36bad3.js" crossorigin="anonymous"></script>
|
||||
<title>Jeux Olympiques - Paris 2024</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<?php include ($_SERVER['DOCUMENT_ROOT'] . '/views/header.php');
|
||||
|
||||
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
$name = htmlspecialchars($_POST["name"]);
|
||||
$familyName = htmlspecialchars($_POST["family_name"]);
|
||||
$email = htmlspecialchars($_POST["email"]);
|
||||
$password = htmlspecialchars($_POST["password"]);
|
||||
$codeRole = htmlspecialchars($_POST["code-role"]);
|
||||
}
|
||||
|
||||
$hashedPassword = sha1($password);
|
||||
|
||||
$query = "SELECT mail FROM user WHERE mail = '$email'";
|
||||
$result = mysqli_query($db, $query);
|
||||
|
||||
if (!$result) {
|
||||
die("Erreur lors de l'exécution de la requête.");
|
||||
}
|
||||
|
||||
$row = mysqli_fetch_assoc($result);
|
||||
|
||||
if ($row) {
|
||||
die("<p>Un utilisateur avec cette adresse mail existe déjà.</p>");
|
||||
}
|
||||
|
||||
if ($codeRole == "M25QP") {
|
||||
$role = "Administrateur";
|
||||
} else if ($codeRole == "TF53K") {
|
||||
$role = "Sportif";
|
||||
} else if ($codeRole == "VJC6V") {
|
||||
$role = "Organisateur";
|
||||
} else {
|
||||
$role = "Membre";
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
$addUser = "INSERT INTO `user`(`mail`, `name`, `family_name`, `role`, `password`) VALUES ('$email', '$name', '$familyName', '$role', '$hashedPassword')";
|
||||
|
||||
|
||||
$resultAddUser = mysqli_query($db, $addUser);
|
||||
if (!$resultAddUser) {
|
||||
echo "<p class='text'>Erreur lors de l'exécution de la requête.</p>";
|
||||
} else {
|
||||
if (mysqli_affected_rows($db) > 0) {
|
||||
echo "<p class='text'>Utilisateur créé avec succès. </p>";
|
||||
} else {
|
||||
echo "<p class='text'>Aucun utilisateur n\'a été ajouté.</p>";
|
||||
}
|
||||
}
|
||||
echo "<p class='text'>Prénom : " . $name . "</p>";
|
||||
echo "<p class='text'>Nom : " . $familyName . "</p>";
|
||||
echo "<p class='text'>Adresse mail : " . $email . "</p>";
|
||||
echo "<p class='text'>Mot de passe : " . $password . "</p>";
|
||||
echo "<p class='text'>Mot de passe hashé : " . $hashedPassword . "</p>";
|
||||
echo "<p class='text'>Rôle : " . $role . "</p>";
|
||||
|
||||
|
||||
// Créer un tableau avec les données utilisateur
|
||||
$userData = array(
|
||||
"email" => $email,
|
||||
"name" => $name,
|
||||
"familyName" => $familyName,
|
||||
"role" => $role,
|
||||
);
|
||||
// Sérialiser le tableau en JSON
|
||||
$userDataEncoded = json_encode($userData);
|
||||
// Stocker les données sérialisées dans un cookie
|
||||
setcookie("userData", $userDataEncoded, time() + 3600, "/");
|
||||
|
||||
echo "<p class='text'>Cookie créé avec succès. Contenu du cookie :</p>";
|
||||
echo "<p class='text'>" . $userDataEncoded . "</p>";
|
||||
|
||||
include ($_SERVER['DOCUMENT_ROOT'] . '/views/footer.php');
|
||||
?>
|
||||
|
||||
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
||||
<?php
|
||||
$newURL = "/account/profile";
|
||||
header("Location: " . $newURL);
|
||||
die();
|
||||
?>
|
18
base.html
18
base.html
@ -1,3 +1,19 @@
|
||||
<?php
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php';
|
||||
|
||||
if (isset($_COOKIE['userData'])) {
|
||||
$userDataEncoded = $_COOKIE['userData'];
|
||||
$userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
|
||||
|
||||
$email = $userData['email'];
|
||||
$name = $userData['name'];
|
||||
$familyName = $userData['familyName'];
|
||||
$role = $userData['role'];
|
||||
} else {
|
||||
echo "Cookie 'userData' non trouvé.";
|
||||
}
|
||||
?>
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
@ -25,7 +41,7 @@
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<?php include($_SERVER['DOCUMENT_ROOT'].'/views/header.php')?>
|
||||
<?php include?>
|
||||
|
||||
<!-- code de la page ici -->
|
||||
|
||||
|
36
tools/logout.php
Normal file
36
tools/logout.php
Normal file
@ -0,0 +1,36 @@
|
||||
<?php
|
||||
// Démarrage de la session pour accéder aux variables de session
|
||||
session_start();
|
||||
|
||||
// Vérifier et détruire le cookie utilisateur
|
||||
if (isset($_COOKIE['userData'])) {
|
||||
// Effacer la valeur du cookie
|
||||
unset($_COOKIE['userData']);
|
||||
// Demander au navigateur de supprimer le cookie
|
||||
setcookie('userData', '', time() - 3600, '/'); // Définit l'expiration du cookie à une heure dans le passé
|
||||
}
|
||||
|
||||
// Nettoyer toutes les données de session
|
||||
$_SESSION = array(); // Efface toutes les données stockées dans la session
|
||||
|
||||
// Si vous voulez détruire complètement la session, supprimez également le cookie de session
|
||||
if (ini_get("session.use_cookies")) {
|
||||
$params = session_get_cookie_params();
|
||||
setcookie(
|
||||
session_name(),
|
||||
'',
|
||||
time() - 42000,
|
||||
$params["path"],
|
||||
$params["domain"],
|
||||
$params["secure"],
|
||||
$params["httponly"]
|
||||
);
|
||||
}
|
||||
|
||||
// Finalement, détruire la session
|
||||
session_destroy();
|
||||
|
||||
// Rediriger l'utilisateur vers la page de connexion ou la page d'accueil
|
||||
header("Location: /account/login");
|
||||
exit(); // Assurez-vous de terminer le script après la redirection
|
||||
?>
|
@ -1,4 +1,19 @@
|
||||
<!-- Site footer -->
|
||||
<?php
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php';
|
||||
|
||||
if (isset($_COOKIE['userData'])) {
|
||||
$userDataEncoded = $_COOKIE['userData'];
|
||||
$userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
|
||||
|
||||
$email = $userData['email'];
|
||||
$name = $userData['name'];
|
||||
$familyName = $userData['familyName'];
|
||||
$role = $userData['role'];
|
||||
} else {
|
||||
echo "Cookie 'userData' non trouvé.";
|
||||
}
|
||||
?>
|
||||
|
||||
<footer class="site-footer">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
@ -23,6 +38,13 @@
|
||||
<ul class="footer-links">
|
||||
<li><a href="https://grond.iut-fbleau.fr/balocchi/SAE_web" target="_blank">Code source du site</a>
|
||||
</li>
|
||||
<li>
|
||||
<?php if (isset($_COOKIE['userData'])) {
|
||||
echo "<a href='/account/profile'>Mon profil</a>";
|
||||
} else {
|
||||
echo "<a href='/account/login'>Connexion</a>";
|
||||
} ?>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -1,3 +1,17 @@
|
||||
<?php
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php';
|
||||
|
||||
if (isset($_COOKIE['userData'])) {
|
||||
$userDataEncoded = $_COOKIE['userData'];
|
||||
$userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
|
||||
|
||||
$email = $userData['email'];
|
||||
$name = $userData['name'];
|
||||
$familyName = $userData['familyName'];
|
||||
$role = $userData['role'];
|
||||
}
|
||||
?>
|
||||
|
||||
<nav class="menu-container">
|
||||
<!-- burger menu -->
|
||||
<input type="checkbox" aria-label="Toggle menu" />
|
||||
@ -21,9 +35,15 @@
|
||||
</ul>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/account/login">
|
||||
Connexion
|
||||
</a>
|
||||
<?php
|
||||
if (isset($_COOKIE['userData'])) {
|
||||
echo "<a href='/account/profile'>Mon profil</a>";
|
||||
} else {
|
||||
echo "<a href='/account/login'>Connexion</a>";
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
<!-- script php qui vérifie le cookie. Si cookie, propose déconnexion, si pas cookie propose connexion -->
|
||||
</li>
|
||||
</ul>
|
||||
|
Loading…
Reference in New Issue
Block a user