40 lines
960 B
PHP
40 lines
960 B
PHP
|
<?php
|
||
|
require_once 'lib/common.php';
|
||
|
session_start();
|
||
|
|
||
|
if (!empty($_REQUEST['login']) && !empty($_REQUEST['password'])) {
|
||
|
$db = initDatabase();
|
||
|
$sql = "SELECT * FROM user "
|
||
|
."WHERE login='".$_POST['login']."' AND password='".$_POST['password']."'";
|
||
|
|
||
|
$req = mysqli_query($db,$sql);
|
||
|
$user=mysqli_fetch_assoc($req);
|
||
|
if ($user) {
|
||
|
$_SESSION['user'] = $user;
|
||
|
header('Location: article_list.php');
|
||
|
exit();
|
||
|
}
|
||
|
}
|
||
|
|
||
|
?>
|
||
|
<?php
|
||
|
include 'templates/header.php';
|
||
|
?>
|
||
|
|
||
|
<body container>
|
||
|
|
||
|
<h1>Authentification et injection SQL</h1>
|
||
|
<form action="" method="POST">
|
||
|
<fieldset>
|
||
|
<div>
|
||
|
<label> Login : <input name="login" type="text" value="<?php if (isset($_REQUEST['login'])) { echo $_REQUEST['login']; } ?>" /> </label></div>
|
||
|
<div><label> Mot de passe : <input name="password" type="password" value="" /> </label></div>
|
||
|
<button type="submit" name="ok" value="1">S'authentifier</button>
|
||
|
</fieldset>
|
||
|
</form>
|
||
|
<?php
|
||
|
include './templates/footer.php';
|
||
|
?>
|
||
|
</body>
|
||
|
</html>
|