setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // (this call starts before the visible text) ERRMODE_EXCEPTION makes PDO throw on SQL errors

// Login handler with a per-IP failed-attempt throttle.
// $ip, $maxAttempts, $blockMinutes, $pdo, $pdoAttempt and $errors are set up
// before this excerpt; nothing below shows where they come from.

// Throttle store: one row per client address holding the failure count and
// the Unix timestamp of the latest failure.
$pdoAttempt->exec('CREATE TABLE IF NOT EXISTS attempts (ip TEXT PRIMARY KEY, count INTEGER, last INTEGER)');

// Load the current counter for this address (no row => no recorded failure).
// NOTE(review): the throttle is only as trustworthy as $ip. Confirm it is taken
// from the connection (or from a proxy header set by a trusted proxy only) and
// not from a header the client can choose freely.
$st = $pdoAttempt->prepare('SELECT count, last FROM attempts WHERE ip = :ip');
$st->execute(['ip' => $ip]);
$row = $st->fetch(PDO::FETCH_ASSOC);
$count = $row ? (int)$row['count'] : 0;
$last = $row ? (int)$row['last'] : 0;

// Blocked while the count has reached the limit AND the latest failure is
// younger than the block window. The count is never decayed: the only reset
// is the DELETE on a successful login below, so once the limit is reached a
// single further failure after the window expires re-blocks the address.
// NOTE(review): the key is the address alone; failures are not counted per
// account, so guesses against one login from many addresses are not limited.
$blocked = ($count >= $maxAttempts) && (time() - $last < $blockMinutes * 60);

// Only a POST is treated as a login attempt.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if ($blocked) {
        // Refuse before touching the credentials; the counter is left unchanged.
        $errors[] = 'Trop de tentatives. Réessayez plus tard.';
    } else {
        $login = $_POST['login'] ?? '';
        $password = $_POST['password'] ?? '';
        // Truthiness test: the string "0" also counts as missing here.
        // NOTE(review): the type is not checked. A request sending login[] or
        // password[] delivers an array that passes this test and reaches
        // execute() / password_verify(); consider rejecting non-strings.
        if (!$login || !$password) {
            $errors[] = 'Veuillez renseigner le login et le mot de passe.';
        } else {
            // Parameterized lookup: the submitted login is bound, never concatenated.
            $stmt = $pdo->prepare('SELECT id, password FROM utilisateur WHERE login = :login LIMIT 1');
            $stmt->execute(['login' => $login]);
            $user = $stmt->fetch();
            // password_verify() runs only when a row was found.
            // NOTE(review): an unknown login therefore skips the hash computation,
            // so response time may differ from a wrong password even though the
            // error message is the same; verify whether that matters here.
            if ($user && password_verify($password, $user['password'])) {
                // Success: clear this address's failure history.
                $pdoAttempt->prepare('DELETE FROM attempts WHERE ip = :ip')->execute(['ip'=>$ip]);
                $_SESSION['user_id'] = $user['id'];
                // Issue a fresh session ID and delete the old session (argument
                // true), so an ID known before login is not carried into the
                // authenticated session. Session data set above is preserved.
                session_regenerate_id(true);
                header('Location: /admin/dashboard.php');
                // Stop here so nothing after the redirect header is executed.
                exit;
            } else {
                // One generic message for both an unknown login and a wrong password.
                $errors[] = 'Identifiants incorrects.';
                // Record the failure: bump the existing row or create the first one.
                // NOTE(review): the branch relies on $row read at the top of the
                // request, so the read and the write are not atomic. Parallel
                // requests from one address all see the same pre-update counter
                // (and the same $blocked value), and two simultaneous first
                // failures can both take the INSERT branch, where the second
                // violates the PRIMARY KEY and throws under ERRMODE_EXCEPTION.
                // A single upsert statement or a transaction would close this.
                if ($row) {
                    $pdoAttempt->prepare('UPDATE attempts SET count = count + 1, last = :last WHERE ip = :ip')->execute(['ip'=>$ip, 'last'=>time()]);
                } else {
                    $pdoAttempt->prepare('INSERT INTO attempts (ip,count,last) VALUES (:ip,1,:last)')->execute(['ip'=>$ip, 'last'=>time()]);
                }
            }
        }
    }
}
?> Connexion Admin

Connexion administrateur