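<?php
// Login page: checks the submitted credentials against the `user` table and,
// on success, opens an authenticated session and redirects to the home page.
//
// The authentication logic runs before any markup is emitted. session_start()
// and header('Location: ...') both have to send HTTP headers, which is no
// longer possible once output has started (unless output buffering is enabled
// in the server configuration).
require_once 'common.php';

session_start();

// Accept only plain string fields. A request can carry login[]=x, which would
// make htmlspecialchars() fail on an array.
$posted_login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
$posted_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// One message for both "unknown login" and "wrong password", so the form does
// not tell a visitor which logins exist.
// NOTE(review): response time can still differ between the two cases, because
// password_verify() is skipped for an unknown login; no attempt throttling is
// visible in this file either.
$error_auth = null;

if ($posted_login !== '' && $posted_password !== '') {
    $db = initDatabase();

    // NOTE(review): HTML-encoding belongs at output time, not before a lookup or
    // a password check; it silently changes any credential containing & < > " or '.
    // It is kept here because the registration page (not visible from this file)
    // presumably stores the login and hashes the password in the same encoded
    // form. Confirm, then remove the encoding on both sides together.
    $login = htmlspecialchars($posted_login, ENT_QUOTES, 'UTF-8');
    $password = htmlspecialchars($posted_password, ENT_QUOTES, 'UTF-8');

    // Prepared statement: the login is bound as a parameter, never concatenated.
    $stmt = $db->prepare("SELECT * FROM user WHERE login = ?");
    $stmt->bind_param("s", $login);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if (is_array($row) && password_verify($password, (string) $row['mdp'])) {
        // Issue a fresh session id at the privilege change so that an id known
        // before login (session fixation) is not the authenticated one.
        session_regenerate_id(true);

        $_SESSION['login'] = $login;
        $_SESSION['mail'] = $row['mail'];
        $_SESSION['nom'] = $row['nom'];
        $_SESSION['prenom'] = $row['prenom'];
        $_SESSION['genre'] = $row['genre'];
        $_SESSION['role'] = $row['Role'];

        header('Location: ../index.php');
        exit();
    }

    $error_auth = "Login ou mot de passe incorrect";
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
    <meta charset="utf-8">
    <link rel="icon" href="../img/jo2024.jpg">
    <link rel="stylesheet" href="../css/style.css">
    <title>Connexion - Jeux Olympiques</title>
</head>
<body>
<header>
    <h1 class='Hello'>Page de connexion</h1>
    <nav>
        <a href="../" class="categorie">Page d'accueil</a>
    </nav>
</header>
<div class="connexion">
    <u><i><h2>Connexion</h2></i></u><br>
    <form action="" method="post">
        <label for="login">Login :</label><br>
        <input type="text" id="login" name="login" required value="<?php echo htmlspecialchars($posted_login, ENT_QUOTES, 'UTF-8'); ?>"><br>
        <br><br><label for="password">Mot de passe :</label><br>
        <?php // The submitted password is deliberately not echoed back into the page source. ?>
        <input type="password" id="password" name="password" required placeholder="••••••••"><br>
        <?php if ($error_auth !== null) { echo "<div class='error-message'>" . htmlspecialchars($error_auth, ENT_QUOTES, 'UTF-8') . "</div>"; } ?>
        <br><br><button type="submit" class="submit">Se connecter</button>
    </form>
    <p class="compteUser">Vous ne possédez pas de compte ? <br><a href="inscription.php">Inscrivez-vous !</a></p>
</div>
<footer>
    <?php require_once('footer.php'); ?>
</footer>
</body>
</html>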