Web/TP/TPSecurite/user_login.php
2023-05-25 11:53:03 +02:00

40 lines
960 B
PHP
Executable File

<?php
require_once 'lib/common.php';
session_start();
if (!empty($_REQUEST['login']) && !empty($_REQUEST['password'])) {
$db = initDatabase();
$sql = "SELECT * FROM user "
."WHERE login='".$_POST['login']."' AND password='".$_POST['password']."'";
$req = mysqli_query($db,$sql);
$user=mysqli_fetch_assoc($req);
if ($user) {
$_SESSION['user'] = $user;
header('Location: article_list.php');
exit();
}
}
?>
<?php
include 'templates/header.php';
?>
<body container>
<h1>Authentification et injection SQL</h1>
<form action="" method="POST">
<fieldset>
<div>
<label> Login : <input name="login" type="text" value="<?php if (isset($_REQUEST['login'])) { echo $_REQUEST['login']; } ?>" /> </label></div>
<div><label> Mot de passe : <input name="password" type="password" value="" /> </label></div>
<button type="submit" name="ok" value="1">S'authentifier</button>
</fieldset>
</form>
<?php
include './templates/footer.php';
?>
</body>
</html>