🔧 modification du login/register + implémentation du cookie de session
Co-authored-by: Charpentier Juliette <juliette.charpentier1@etu.u-pec.fr>
This commit is contained in:
@@ -5,19 +5,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
$email = htmlspecialchars($_POST["email"]);
|
||||
$password = htmlspecialchars($_POST["password"]);
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
<?php
|
||||
/*
|
||||
if (isset($_COOKIE["savemdp"])) {
|
||||
$savemdp = $_COOKIE["savemdp"];
|
||||
} else {
|
||||
$savemdp = null;
|
||||
|
||||
setcookie("savemdp", $savemdp, time() + 3600);
|
||||
}*/
|
||||
?>
|
||||
|
||||
/*
|
||||
hasher le mdp
|
||||
@@ -26,47 +13,81 @@ hasher le mdp
|
||||
- créer un cookie avec mail, nom, prénom, rôle. Qui expire dans 1h
|
||||
une fois bien connecté, on redirige vers /account/profile
|
||||
*/
|
||||
<html>
|
||||
?>
|
||||
<?php
|
||||
$hashedPassword = sha1($password);
|
||||
$resultat = mysqli_query($db, "SELECT *
|
||||
FROM user
|
||||
WHERE mail = $email AND password = $hashedPassword");
|
||||
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
</head>
|
||||
$query = "SELECT mail, password
|
||||
FROM user
|
||||
WHERE mail = '$email'";
|
||||
$result = mysqli_query($db, $query);
|
||||
|
||||
<body container>
|
||||
<form method="POST" action="https://but.lbalocchi.fr/account/login">
|
||||
<?php
|
||||
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
|
||||
$resultat = mysqli_query($db, "SELECT mail, password
|
||||
FROM user
|
||||
WHERE mail = $email AND password = $hashedPassword");
|
||||
echo "adresse mail : " . $email . "<br>";
|
||||
echo "mot de passe : " . $password . "<br>";
|
||||
/*test loris*/
|
||||
$query = "SELECT mail, password FROM user
|
||||
WHERE mail = '$email'";
|
||||
$result = mysqli_query($db, $query);
|
||||
if (!$result) {
|
||||
die("Erreur lors de l'exécution de la requête.");
|
||||
}
|
||||
|
||||
if (!$result) {
|
||||
die("Erreur lors de l'exécution de la requête.");
|
||||
}
|
||||
if (!$password) {
|
||||
die("Combinaison email/mot de passe incorrecte.");
|
||||
}
|
||||
if (!$email) {
|
||||
die("Combinaison email/mot de passe incorrecte.");
|
||||
} else {
|
||||
echo "<p>Connexion réussie</p>";
|
||||
|
||||
$row = mysqli_fetch_assoc($result);
|
||||
$storedPassword = $row['password'];
|
||||
// Requête pour récupérer les informations de l'utilisateur
|
||||
$query = "SELECT name, family_name, role FROM user WHERE mail = '$email'";
|
||||
$result = mysqli_query($db, $query);
|
||||
|
||||
if (password_verify($password, $storedPassword)) {
|
||||
// Authentication successful
|
||||
// Set the necessary cookies and redirect to /account/profile
|
||||
// ...
|
||||
} else {
|
||||
die("Combinaison email/mot de passe incorrecte.");
|
||||
}
|
||||
?>
|
||||
if (!$result) {
|
||||
die('Erreur de requête : ' . mysqli_error($db));
|
||||
}
|
||||
|
||||
Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that
|
||||
corresponds to
|
||||
your MariaDB server version for the right syntax to use near '@fesse.fr AND password =
|
||||
$2y$10$whzDnlmJvcSJdXqkr7SoAu5B7gmxJgcVPNT3Nr9oAPMAd...' at line 3 in
|
||||
C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php:28 Stack trace: #0
|
||||
C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php(28): mysqli_query(Object(mysqli), 'SELECT
|
||||
mail,
|
||||
pa...') #1 {main} thrown in C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php on line 28
|
||||
// Récupération des données
|
||||
if ($row = mysqli_fetch_assoc($result)) {
|
||||
$nameFetched = $row['name'];
|
||||
$familyNameFetched = $row['family_name'];
|
||||
$roleFetched = $row['role'];
|
||||
} else {
|
||||
echo "Aucun utilisateur trouvé avec cet email.";
|
||||
}
|
||||
|
||||
|
||||
$userData = array(
|
||||
"email" => $email,
|
||||
"name" => $nameFetched,
|
||||
"familyName" => $familyNameFetched,
|
||||
"role" => $roleFetched
|
||||
);
|
||||
|
||||
$userDataEncoded = json_encode($userData);
|
||||
|
||||
setcookie("userData", $userDataEncoded, time() + 3600, "/");
|
||||
|
||||
|
||||
if (isset($_COOKIE['userData'])) {
|
||||
$userDataEncoded = $_COOKIE['userData'];
|
||||
$userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
|
||||
|
||||
echo "Email : " . $userData['email'] . "<br>";
|
||||
echo "Prénom : " . $userData['name'] . "<br>";
|
||||
echo "Nom : " . $userData['familyName'] . "<br>";
|
||||
echo "Rôle : " . $userData['role'] . "<br>";
|
||||
} else {
|
||||
echo "Cookie 'userData' non trouvé.";
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
$newURL = "/account/profile";
|
||||
header("Location: " . $newURL);
|
||||
die();
|
||||
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user