plateforme-tfjm2/server_files/connexion.php

<?php

include 'config.php';

if (isset($_POST["submitted"]) && !isset($_SESSION["user_id"])) {
    $error_message = login();
}

function login() {
    global $DB, $YEAR;

    $email = htmlspecialchars($_POST["email"]);

    if (!filter_var($email, FILTER_VALIDATE_EMAIL))
        return "L'email entrée est invalide.";

    $password = htmlspecialchars($_POST["password"]);

    $result = $DB->query("SELECT `id`, `pwd_hash`, `email`, `surname`, `first_name`, `role`, `team_id` FROM `users` WHERE `email` = '" . $email . "';");
    if (($data = $result->fetch()) === FALSE)
        return "Le compte n'existe pas.";

    if (!password_verify($password, $data["pwd_hash"]))
        return "Le mot de passe est incorrect.";

    $_SESSION["user_id"] = $data["id"];
	$_SESSION["email"] = $data["email"];
	$_SESSION["surname"] = $data["surname"];
	$_SESSION["first_name"] = $data["first_name"];
	$_SESSION["role"] = $data["role"];
	$_SESSION["team_id"] = $data["team_id"];

    $response = $DB->query("SELECT `tournament`, `validation_status` FROM `teams` WHERE `id` ='" . $_SESSION["team_id"] . "' AND `year` = '$YEAR';");
    $data = $response->fetch();
    $_SESSION["tournament_id"] = $data["tournament"];
    $_SESSION["team_validation_status"] = $data["validation_status"];

    return false;
}

?>

<?php include "header.php" ?>

<?php if (isset($error_message) && $error_message) echo "<h2>Erreur : " . $error_message . "</h2>"; ?>

<?php
if (isset($error_message) && $error_message === FALSE) {
    ?>
    Connexion réussie !
    <?php } else if (isset($_SESSION["user_id"])) { ?>

    <h2>Vous êtes déjà connecté !</h2>

    <?php } else { ?>

<form method="POST">
    <input type="hidden" name="submitted" value="true" />
    <table>
        <tr>
            <td><label for="email">E-mail :</label></td>
            <td><input type="email" id="email" name="email" value="<?php if (isset($email)) echo $email ?>" /></td>
        </tr>
        <tr>
            <td><label for="password">Mot de passe :</label></td>
            <td><input type="password" id="password" name="password" /></td>
        </tr>
        <tr>
            <td colspan="2"><input type="submit" /></td>
        </tr>
    </table>
</form>

<?php include "footer.php" ?>

<?php } ?>