SaeDEV2.2/php/connexion.php

77 lines
2.7 KiB
PHP
Raw Permalink Normal View History

2024-06-16 17:25:25 +02:00
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
2024-06-16 17:25:25 +02:00
<link rel="icon" href="../img/jo2024.jpg">
<link rel="stylesheet" href="../css/style.css">
<title>Connexion - Jeux Olympiques</title>
</head>
<body>
2024-06-10 19:29:21 +02:00
<?php
2024-06-11 11:27:58 +02:00
require_once 'common.php';
session_start();
2024-06-16 17:25:25 +02:00
if (!empty($_POST['login']) && !empty($_POST['password'])) {
2024-06-11 11:27:58 +02:00
$db = initDatabase();
2024-06-16 17:25:25 +02:00
$login = htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8');
$password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8');
2024-06-10 19:29:21 +02:00
2024-06-16 17:25:25 +02:00
// Use prepared statements to prevent SQL injection
$stmt = $db->prepare("SELECT * FROM user WHERE login = ?");
$stmt->bind_param("s", $login);
$stmt->execute();
$result = $stmt->get_result();
2024-06-10 19:29:21 +02:00
2024-06-16 17:25:25 +02:00
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
2024-06-11 11:27:58 +02:00
$hash = $row['mdp'];
$mail = $row['mail'];
$nom = $row['nom'];
$prenom = $row['prenom'];
$genre = $row['genre'];
2024-06-16 17:25:25 +02:00
$role = $row['Role'];
2024-06-10 19:29:21 +02:00
2024-06-11 11:27:58 +02:00
if (password_verify($password, $hash)) {
2024-06-16 17:25:25 +02:00
$_SESSION['login'] = $login;
$_SESSION['mail'] = $mail;
$_SESSION['nom'] = $nom;
$_SESSION['prenom'] = $prenom;
$_SESSION['genre'] = $genre;
$_SESSION['role'] = $role;
header('Location: ../index.php');
exit();
2024-06-11 11:27:58 +02:00
} else {
$error_verif2 = "Mot de passe incorrect";
2024-06-11 11:27:58 +02:00
}
2024-06-10 19:29:21 +02:00
} else {
$error_verif = "Ce login n'existe pas";
2024-06-16 17:25:25 +02:00
}
$stmt->close();
2024-06-10 19:29:21 +02:00
}
2024-06-11 11:27:58 +02:00
?>
2024-06-16 17:25:25 +02:00
<header>
<h1 class='Hello'>Page de connexion</h1>
<nav>
<a href="../" class="categorie">Page d'accueil</a>
</nav>
</header>
<div class="connexion">
<u><i><h2>Connexion</h2></i></u><br>
<form action="" method="post">
<label for="login">Login :</label><br>
<input type="text" id="login" name="login" required value="<?php if (isset($_POST['login'])) { echo htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8'); } ?>"><br>
<?php if (isset($error_verif)) { echo "<div class='error-message'>$error_verif</div>"; } ?>
<br><br><label for="password">Mot de passe :</label><br>
<input type="password" id="password" name="password" required placeholder="••••••••" value="<?php if (isset($_POST['password'])) { echo htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8'); } ?>"><br>
<?php if (isset($error_verif2)) { echo "<div class='error-message'>$error_verif2</div>"; } ?>
<br><br><button type="submit" class="submit">Se connecter</button>
</form>
<p class="compteUser">Vous ne possédez pas de compte ? <br><a href="inscription.php">Inscrivez-vous !</a></p>
</div>
<footer>
<?php require_once('footer.php'); ?>
2024-06-16 17:25:25 +02:00
</footer>
2024-06-11 11:27:58 +02:00
</body>
2024-06-16 17:25:25 +02:00
</html>