Ajouter public/login.php
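--- a/public/login.php
+++ b/public/login.php
@@ -0,0 +1,71 @@
+<?php
+require_once __DIR__ . '/../src/db.php';
+require_once __DIR__ . '/../src/functions.php';
+start_secure_session();
+$errors = [];
+$maxAttempts = 5;
+$blockMinutes = 10;
+$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
+$attemptDb = __DIR__ . '/../admin/attempts.sqlite';
+$pdoAttempt = new PDO('sqlite:' . $attemptDb);
+$pdoAttempt->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+$pdoAttempt->exec('CREATE TABLE IF NOT EXISTS attempts (ip TEXT PRIMARY KEY, count INTEGER, last INTEGER)');
+$st = $pdoAttempt->prepare('SELECT count, last FROM attempts WHERE ip = :ip');
+$st->execute(['ip' => $ip]);
+$row = $st->fetch(PDO::FETCH_ASSOC);
+$count = $row ? (int)$row['count'] : 0;
+$last = $row ? (int)$row['last'] : 0;
+$blocked = ($count >= $maxAttempts) && (time() - $last < $blockMinutes * 60);
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+if ($blocked) {
+$errors[] = 'Trop de tentatives. Réessayez plus tard.';
+} else {
+$login = $_POST['login'] ?? '';
+$password = $_POST['password'] ?? '';
+if (!$login || !$password) {
+$errors[] = 'Veuillez renseigner le login et le mot de passe.';
+} else {
+$stmt = $pdo->prepare('SELECT id, password FROM utilisateur WHERE login = :login LIMIT 1');
+$stmt->execute(['login' => $login]);
+$user = $stmt->fetch();
+if ($user && password_verify($password, $user['password'])) {
+$pdoAttempt->prepare('DELETE FROM attempts WHERE ip = :ip')->execute(['ip'=>$ip]);
+$_SESSION['user_id'] = $user['id'];
+session_regenerate_id(true);
+header('Location: /admin/dashboard.php');
+exit;
+} else {
+$errors[] = 'Identifiants incorrects.';
+if ($row) {
+$pdoAttempt->prepare('UPDATE attempts SET count = count + 1, last = :last WHERE ip = :ip')->execute(['ip'=>$ip, 'last'=>time()]);
+} else {
+$pdoAttempt->prepare('INSERT INTO attempts (ip,count,last) VALUES (:ip,1,:last)')->execute(['ip'=>$ip, 'last'=>time()]);
+}
+}
+}
+}
+}
+?>
+<!doctype html>
+<html><head><meta charset="utf-8"><title>Connexion Admin</title>
+<link rel="stylesheet" href="/public/assets/style.css"></head>
+<body>
+<h1>Connexion administrateur</h1>
+<?php if ($errors): ?>
+<ul class="message error">
+<?php foreach ($errors as $e): ?><li><?php echo esc($e); ?></li><?php endforeach; ?>
+</ul>
+<?php endif; ?>
+<form method="post" id="loginForm">
+<div class="form-field"><label>Login<br><input type="text" name="login" required></label></div>
+<div class="form-field"><label>Mot de passe<br><input type="password" name="password" required></label></div>
+<button type="submit">Se connecter</button>
+</form>
+<script>
+document.getElementById('loginForm').addEventListener('submit', function(e){
+const l = this.login.value.trim();
+const p = this.password.value.trim();
+if(!l || !p){ alert('Remplis tous les champs'); e.preventDefault(); }
+});
+</script>
+</body></html>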
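Review bot: The lockout store at `$attemptDb = __DIR__ . '/../admin/attempts.sqlite'` is created inside `admin/`, which the redirect to `/admin/dashboard.php` suggests is a web-served directory, so unless the server denies `.sqlite` files the list of attempting IPs may be downloadable; placing it outside the document root (e.g. `__DIR__ . '/../var/attempts.sqlite'`, a constructed path) avoids depending on server configuration. The counter also never resets once the 10-minute window has expired: `$blocked` turns false but `count` stays at 5 or more, so the `UPDATE attempts SET count = count + 1` branch re-blocks the IP after a single further failure until a successful login deletes the row. Computing the new value in PHP, `$newCount = (time() - $last < $blockMinutes * 60) ? $count + 1 : 1;`, and writing it with one `INSERT OR REPLACE INTO attempts (ip,count,last) VALUES (:ip,:count,:last)` in place of the `if ($row)` / `else` pair fixes that. Separately, when no `utilisateur` row matches, `password_verify` is skipped entirely, so the unknown-login path is measurably faster than the wrong-password path; verifying against a constant dummy hash when `$user` is false keeps the two paths' timing comparable.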