<?php

include 'config.php';

// Run the login handler only for a submitted form coming from a visitor who has
// no authenticated session yet. login() returns an error string on failure and
// false on success, so $error_message stays unset when no attempt was made.
if (!isset($_SESSION["user_id"])) {
    if (isset($_POST["submitted"])) {
        $error_message = login();
    }
}

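/**
 * Authenticate the visitor from the submitted login form and fill the session.
 *
 * Reads `email` and `password` from $_POST, looks the account up in `users`,
 * verifies the password against the stored hash and, on success, copies the
 * account fields and the current-year team fields into $_SESSION.
 *
 * Both queries use bound parameters. The previous version concatenated the
 * e-mail into the SQL text; FILTER_VALIDATE_EMAIL accepts a single quote in the
 * local part and htmlspecialchars() only encodes it on PHP versions whose
 * default flags include ENT_QUOTES, so neither call was a reliable SQL barrier.
 *
 * Assumes $DB is a PDO connection (the original code used query()/fetch() and
 * compared fetch() with FALSE) -- confirm against config.php.
 *
 * @return string|false A user-facing error message on failure, false on success.
 */
function login() {
    global $DB, $YEAR;

    // A missing or non-string field (e.g. an array posted as email[]) is treated
    // as empty, so it is rejected by the checks below instead of raising an error.
    $raw_email = isset($_POST["email"]) ? $_POST["email"] : "";
    $raw_password = isset($_POST["password"]) ? $_POST["password"] : "";

    // NOTE(review): HTML-encoding belongs at output time, not before a lookup.
    // It is kept here only so the value matches what is already stored, presumably
    // encoded the same way at registration -- verify before removing.
    $email = is_string($raw_email) ? htmlspecialchars($raw_email) : "";

    if (!filter_var($email, FILTER_VALIDATE_EMAIL))
        return "L'email entrée est invalide.";

    // NOTE(review): encoding the password changes the bytes that are verified.
    // Existing hashes were presumably created from the encoded form, so it is
    // kept for compatibility -- confirm against the registration code.
    $password = is_string($raw_password) ? htmlspecialchars($raw_password) : "";

    $account_query = $DB->prepare("SELECT `id`, `pwd_hash`, `email`, `surname`, `first_name`, `role`, `team_id` FROM `users` WHERE `email` = ?");
    $account_query->execute([$email]);

    // NOTE(review): the two messages below tell a caller whether an address is
    // registered; consider a single generic message and attempt throttling.
    if (($data = $account_query->fetch()) === FALSE)
        return "Le compte n'existe pas.";

    if (!password_verify($password, $data["pwd_hash"]))
        return "Le mot de passe est incorrect.";

    // Issue a fresh session id at the privilege change so an id known before
    // login (session fixation) does not become an authenticated one.
    if (session_status() === PHP_SESSION_ACTIVE)
        session_regenerate_id(true);

    $_SESSION["user_id"] = $data["id"];
    $_SESSION["email"] = $data["email"];
    $_SESSION["surname"] = $data["surname"];
    $_SESSION["first_name"] = $data["first_name"];
    $_SESSION["role"] = $data["role"];
    $_SESSION["team_id"] = $data["team_id"];

    // team_id comes from the database, but it is still bound rather than
    // concatenated so stored data can never alter the query text.
    $team_query = $DB->prepare("SELECT `tournament`, `validation_status` FROM `teams` WHERE `id` = ? AND `year` = ?");
    $team_query->execute([$data["team_id"], $YEAR]);
    $team = $team_query->fetch();

    // A user without a team row for this year gets explicit nulls instead of
    // indexing into the FALSE that fetch() returns.
    $_SESSION["tournament_id"] = ($team === FALSE) ? null : $team["tournament"];
    $_SESSION["team_validation_status"] = ($team === FALSE) ? null : $team["validation_status"];

    return false;
}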

?>

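<?php include "header.php" ?>

<?php
// $error_message is only set when a login attempt was processed on this request:
// a non-empty string is a failure message, FALSE means the login succeeded.
// The messages are fixed strings returned by login(), so they are echoed as-is.
if (isset($error_message) && $error_message) echo "<h2>Erreur : " . $error_message . "</h2>"; ?>

<?php
if (isset($error_message) && $error_message === FALSE) {
    ?>
    Connexion réussie !
    <?php } else if (isset($_SESSION["user_id"])) { ?>

    <h2>Vous êtes déjà connecté !</h2>

    <?php } else {
        // NOTE(review): $email below is read from the global scope. login() keeps
        // its own $email local, so unless config.php or header.php defines it the
        // field is never prefilled. If it is ever populated from request data it
        // must be HTML-escaped for an attribute context before being echoed.
    ?>

<form method="POST">
    <input type="hidden" name="submitted" value="true" />
    <table>
        <tr>
            <td><label for="email">E-mail :</label></td>
            <td><input type="email" id="email" name="email" value="<?php if (isset($email)) echo $email ?>" /></td>
        </tr>
        <tr>
            <td><label for="password">Mot de passe :</label></td>
            <td><input type="password" id="password" name="password" /></td>
        </tr>
        <tr>
            <td colspan="2"><input type="submit" /></td>
        </tr>
    </table>
</form>

<?php } ?>

<?php
// The footer used to be included only inside the form branch, so the "login
// succeeded" and "already logged in" pages were rendered without it.
include "footer.php" ?>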