77 lines
2.2 KiB
PHP
77 lines
2.2 KiB
PHP
|
<?php
|
||
|
|
||
|
include 'config.php';
|
||
|
|
||
|
if (isset($_POST["submitted"]) && !isset($_SESSION["user_id"])) {
|
||
|
$error_message = login();
|
||
|
}
|
||
|
|
||
|
function login() {
|
||
|
global $DB, $YEAR;
|
||
|
|
||
|
$email = htmlspecialchars($_POST["email"]);
|
||
|
|
||
|
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
|
||
|
return "L'email entrée est invalide.";
|
||
|
|
||
|
$password = htmlspecialchars($_POST["password"]);
|
||
|
|
||
|
$result = $DB->query("SELECT `id`, `pwd_hash`, `email`, `surname`, `first_name`, `role`, `team_id` FROM `users` WHERE `email` = '" . $email . "';");
|
||
|
if (($data = $result->fetch()) === FALSE)
|
||
|
return "Le compte n'existe pas.";
|
||
|
|
||
|
if (!password_verify($password, $data["pwd_hash"]))
|
||
|
return "Le mot de passe est incorrect.";
|
||
|
|
||
|
$_SESSION["user_id"] = $data["id"];
|
||
|
$_SESSION["email"] = $data["email"];
|
||
|
$_SESSION["surname"] = $data["surname"];
|
||
|
$_SESSION["first_name"] = $data["first_name"];
|
||
|
$_SESSION["role"] = $data["role"];
|
||
|
$_SESSION["team_id"] = $data["team_id"];
|
||
|
|
||
|
$response = $DB->query("SELECT `tournament`, `validation_status` FROM `teams` WHERE `id` ='" . $_SESSION["team_id"] . "' AND `year` = '$YEAR';");
|
||
|
$data = $response->fetch();
|
||
|
$_SESSION["tournament_id"] = $data["tournament"];
|
||
|
$_SESSION["team_validation_status"] = $data["validation_status"];
|
||
|
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
?>
|
||
|
|
||
|
<?php include "header.php" ?>
|
||
|
|
||
|
<?php if (isset($error_message) && $error_message) echo "<h2>Erreur : " . $error_message . "</h2>"; ?>
|
||
|
|
||
|
<?php
|
||
|
if (isset($error_message) && $error_message === FALSE) {
|
||
|
?>
|
||
|
Connexion réussie !
|
||
|
<?php } else if (isset($_SESSION["user_id"])) { ?>
|
||
|
|
||
|
<h2>Vous êtes déjà connecté !</h2>
|
||
|
|
||
|
<?php } else { ?>
|
||
|
|
||
|
<form method="POST">
|
||
|
<input type="hidden" name="submitted" value="true" />
|
||
|
<table>
|
||
|
<tr>
|
||
|
<td><label for="email">E-mail :</label></td>
|
||
|
<td><input type="email" id="email" name="email" value="<?php if (isset($email)) echo $email ?>" /></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td><label for="password">Mot de passe :</label></td>
|
||
|
<td><input type="password" id="password" name="password" /></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td colspan="2"><input type="submit" /></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</form>
|
||
|
|
||
|
<?php include "footer.php" ?>
|
||
|
|
||
|
<?php } ?>
|