1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119
| // Connexion via formulaire -> AJAX
$lg = $mysqli->real_escape_string(stripslashes($_POST["lg"]));
$mp = $mysqli->real_escape_string(stripslashes($_POST["mp"]));
$rm = $mysqli->real_escape_string(intval($_POST["rm"]));
$r = $mysqli->query("SELECT id, mdp, cle, nom, prenom, valid, vcode FROM users WHERE email = '".$lg."' LIMIT 1");
$nb = mysqli_num_rows($r);
if(!empty($nb)) {
$v = mysqli_fetch_assoc($r);
$idu = intval($v['id']);
$mdp = $v['mdp'];
$cle = $v['cle']; // créée lors de la création du compte = hash de plusieurs valeurs
$nom = $v['nom'];
$prenom = $v['prenom'];
$valid = $v['valid'];
$vcode = $v['vcode'];
if(password_verify($mp, $mdp)) {
if($valid == '1') {
if(!isset($_SESSION["connexclt"])) $_SESSION["connexclt"] = array();
$_SESSION["connexclt"]['id'] = $idu;
$_SESSION["connexclt"]['login'] = $lg;
$_SESSION["connexclt"]['cle'] = $cle;
$_SESSION["connexclt"]['nom'] = $nom;
$_SESSION["connexclt"]['prenom'] = $prenom;
$mysqli->query("UPDATE users SET lastvisite = '".date('Y-m-d h:i:s')."' WHERE id = '".$idu."' LIMIT 1");
if($rm == 1) {
$k = password_hash($cle.$mdp, PASSWORD_HASH_ALGORITHM, array('cost' => PASSWORD_HASH_COST));
setcookie("nomcookie", $idu."[+]".$k, array('expires'=>time()+15778463,'path'=>'/','domain'=>$ssdomain.".".$domain,'secure'=>$domainsecure,'httponly'=>true,'samesite'=>"None"));
}
return array('login'=>true,'error'=>false,'nom'=>$nom,'prenom'=>$prenom);
} else {
return array('login'=>false,'error'=>"NOVALID",'idu'=>$idu,'email'=>$lg,'nom'=>$nom,'prenom'=>$prenom,'vcode'=>$vcode);
}
} else {
$badlog = true;
$error = "Ces identifiants sont incorrects, veuillez vérifier votre email et votre mot de passe.";
}
//... traitement des erreurs de connexion ...
}
// Fonction de vérification de la connexion sur les pages privées
function cltconnected() {
global $mysqli, $ssdomain, $domain, $domainsecure;
if(isset($_SESSION["connexclt"]) && isset($_SESSION["connexclt"]['id']) && isset($_SESSION["connexclt"]['login']) && isset($_SESSION["connexclt"]['cle']) && isset($_SESSION["connexclt"]['nom']) && isset($_SESSION["connexclt"]['prenom']) && $_SESSION["connexclt"]['id'] && $_SESSION["connexclt"]['login'] && $_SESSION["connexclt"]['cle'] && $_SESSION["connexclt"]['nom'] && $_SESSION["connexclt"]['prenom']) {
$id = intval($mysqli->real_escape_string($_SESSION["connexclt"]['id']));
$cle = $mysqli->real_escape_string($_SESSION["connexclt"]['cle']);
$r = $mysqli->query("SELECT email, valid FROM users WHERE id = '".$id."' AND cle = '".$cle."' LIMIT 1");
$nb = mysqli_num_rows($r);
if(!empty($nb)) {
$v = mysqli_fetch_assoc($r);
$email = $v['email'];
$valid = $v['valid'];
if($valid == '1') {
$vcle = // même hash de plusieurs valeurs - idem lors de la création du compte;
if($_SESSION["connexclt"]['cle'] == $vcle) {
$mysqli->query("UPDATE users SET lastvisite = '".date('Y-m-d h:i:s')."' WHERE id = '".$id."' LIMIT 1");
return true;
} else {
unset($_SESSION["connexclt"]);
if(isset($_COOKIE["nomcookie"])) setcookie("nomcookie", '', 0,'/',$ssdomain.".".$domain, $domainsecure, true);
return false;
}
} else {
unset($_SESSION["connexclt"]);
if(isset($_COOKIE["nomcookie"])) setcookie("nomcookie", '', 0,'/',$ssdomain.".".$domain, $domainsecure, true);
return false;
}
} else {
unset($_SESSION["connexclt"]);
if(isset($_COOKIE["nomcookie"])) setcookie("nomcookie", '', 0,'/',$ssdomain.".".$domain, $domainsecure, true);
return false;
}
} elseif(isset($_COOKIE["nomcookie"]) && $_COOKIE["nomcookie"]) {
$ccode = $_COOKIE["nomcookie"];
$tcode = explode("[+]",$ccode);
$idu = intval($mysqli->real_escape_string($tcode[0]));
$code = $tcode[1];
$r = $mysqli->query("SELECT email, mdp, cle, nom, prenom, valid FROM users WHERE id = '".$idu."' LIMIT 1");
$nb = mysqli_num_rows($r);
if(!empty($nb)) {
$v = mysqli_fetch_assoc($r);
$lg = $v['email'];
$mdp = $v['mdp'];
$cle = $v['cle'];
$nom = $v['nom'];
$prenom = $v['prenom'];
$valid = $v['valid'];
if($valid == '1') {
if(password_verify($cle.$mdp, $code)) {
if(!isset($_SESSION["connexclt"])) $_SESSION["connexclt"] = array();
$_SESSION["connexclt"]['id'] = $idu;
$_SESSION["connexclt"]['login'] = $lg;
$_SESSION["connexclt"]['cle'] = $cle;
$_SESSION["connexclt"]['nom'] = $nom;
$_SESSION["connexclt"]['prenom'] = $prenom;
$k = password_hash($cle.$mdp, PASSWORD_HASH_ALGORITHM, array('cost' => PASSWORD_HASH_COST));
setcookie("nomcookie", $idu."[+]".$k, array('expires'=>time()+15778463,'path'=>'/','domain'=>$ssdomain.".".$domain,'secure'=>$domainsecure,'httponly'=>true,'samesite'=>"Strict"));
$mysqli->query("UPDATE users SET lastvisite = '".date('Y-m-d h:i:s')."' WHERE id = '".$idu."' LIMIT 1");
return true;
} else {
setcookie("nomcookie", '', 0,'/',$ssdomain.".".$domain, $domainsecure, true);
return false;
}
} else {
setcookie("nomcookie", '', 0,'/',$ssdomain.".".$domain, $domainsecure, true);
return false;
}
} else {
setcookie("nomcookie", '', 0,'/',$ssdomain.".".$domain, $domainsecure, true);
return false;
}
} else {
setcookie("nomcookie", '', 0,'/',$ssdomain.".".$domain, $domainsecure, true);
return false;
}
} |
Partager