Ajout du cryptage

2024-06-19 14:12:28 +02:00
parent 2e8d69d46b
commit 7015b79a49
3 changed files with 41 additions and 23 deletions
--- a/codeigniter/application/controllers/ConnexionController.php
+++ b/codeigniter/application/controllers/ConnexionController.php
@@ -16,30 +16,29 @@ class ConnexionController extends CI_Controller {
    }

    public function authentifier() {
-    
-        if($_SERVER["REQUEST_METHOD"] == "POST"){
+        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            $email = $_POST['email'];
            $password = $_POST['password'];
-            if($email != "" && $password != ""){
+            if (!empty($email) && !empty($password)) {
                $this->load->database();
-                $query = $this->db->query("SELECT * FROM users WHERE email = '$email' AND mdp = '$password'");
+                // Utilisation d'une requête préparée pour éviter les injections SQL
+                $query = $this->db->query("SELECT * FROM users WHERE email = ?", array($email));
                $result = $query->row(); // Récupérer la première ligne de résultat
-    
-                if($result){ // Vérifier si l'utilisateur existe
-                    $this->session->set_userdata('user_id', $result->id);
-                    $this->session->set_userdata('pseudo', $result->pseudo);
-                    redirect('../index.php');
+                if ($result) { // Vérifier si l'utilisateur existe
+                    if (password_verify($password, $result->mdp)) { // Vérifier si le mot de passe est correct
+                        $this->session->set_userdata('user_id', $result->id);
+                        $this->session->set_userdata('pseudo', $result->pseudo);
+                        redirect('../index.php');
+                    } else {
+                        $data['error_msg'] = "Email ou mot de passe incorrect.";
+                    }
                } else {
                    $data['error_msg'] = "Email ou mot de passe incorrect.";
                }
            }
-
-            echo "<pre>";
-            print_r($this->session->userdata());
-            echo "</pre>";
-
+    
            $this->load->view('layout/header');
-            $this->load->view('connexion', $data);
+            $this->load->view('connexion', isset($data) ? $data : []);
            $this->load->view('layout/footer');
        }
    }
@@ -55,22 +54,18 @@ class ConnexionController extends CI_Controller {
            $nom = strtoupper($this->input->post('nom'));
            $pseudo = $this->input->post('pseudo');
            $mdp = $this->input->post('pass');
+            $mdpcrypte = password_hash($mdp, PASSWORD_DEFAULT);
            $email = $this->input->post('email');
-    
            $data = array(
                'pseudo' => $pseudo,
                'nom' => $nom,
                'prenom' => $prenom,
-                'mdp' => $mdp,
+                'mdp' => $mdpcrypte,
                'email' => $email
            );
    
            $this->db->insert('users', $data);
-
-            $this->session->set_userdata('pseudo', $pseudo);
-            redirect('../index.php');
-    
-
+            $data['confirmation_message'] = "Inscription réussie ! Vous êtes maintenant inscrit.";
            $this->load->view('layout/header');
            $this->load->view('connexion', $data);
            $this->load->view('layout/footer');