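<?php
declare(strict_types=1);
/*
 * Admin login page.
 *
 * Flow: throttle failed logins per client IP (SQLite table `attempts`), verify the
 * submitted password against the hash stored in `utilisateur`, then start the
 * authenticated session and redirect to /admin/dashboard.php.
 *
 * Provided by ../src: $pdo (application database), start_secure_session(), esc().
 */
require_once __DIR__ . '/../src/db.php';
require_once __DIR__ . '/../src/functions.php';
start_secure_session();

$errors = [];
$maxAttempts = 5;                   // failed attempts per IP before the block kicks in
$blockMinutes = 10;                 // block length; also the idle time after which the counter restarts
$blockSeconds = $blockMinutes * 60;
$now = time();

// Only REMOTE_ADDR is used: X-Forwarded-For is attacker-controlled unless a trusted proxy
// sets it. NOTE(review): behind a reverse proxy or NAT every client shares one address, so a
// single attacker can lock all admins out — confirm the deployment topology.
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';

// NOTE(review): ../admin is also where /admin/dashboard.php is served from; make sure the web
// server refuses to serve attempts.sqlite directly, or move the file outside the document root.
$attemptDb = __DIR__ . '/../admin/attempts.sqlite';
$pdoAttempt = new PDO('sqlite:' . $attemptDb);
$pdoAttempt->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdoAttempt->exec('CREATE TABLE IF NOT EXISTS attempts (ip TEXT PRIMARY KEY, count INTEGER, last INTEGER)');

$st = $pdoAttempt->prepare('SELECT count, last FROM attempts WHERE ip = :ip');
$st->execute(['ip' => $ip]);
$row = $st->fetch(PDO::FETCH_ASSOC);
$count = $row ? (int)$row['count'] : 0;
$last = $row ? (int)$row['last'] : 0;
// Blocked while the threshold is reached and the most recent failure is still inside the window.
$blocked = ($count >= $maxAttempts) && ($now - $last < $blockSeconds);

// Per-session token so a third-party page cannot log the victim's browser into an
// attacker-chosen account (login CSRF). Compared with hash_equals() on POST.
if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];

// Reads a POST field as a string; a missing field or an array (name[]=...) becomes ''.
$postString = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if ($blocked) {
        $errors[] = 'Trop de tentatives. Réessayez plus tard.';
    } elseif (!hash_equals($csrfToken, $postString('csrf_token'))) {
        $errors[] = 'Session expirée, veuillez réessayer.';
    } else {
        $login = $postString('login');
        $password = $postString('password');
        // Compare with '' rather than truthiness so a login or password of "0" counts as present.
        if ($login === '' || $password === '') {
            $errors[] = 'Veuillez renseigner le login et le mot de passe.';
        } else {
            $stmt = $pdo->prepare('SELECT id, password FROM utilisateur WHERE login = :login LIMIT 1');
            $stmt->execute(['login' => $login]);
            $user = $stmt->fetch();
            if ($user) {
                $valid = password_verify($password, (string)$user['password']);
            } else {
                // Unknown login: spend roughly the cost of one verify anyway so the response
                // time does not reveal which logins exist (cost factors may differ — approximate).
                password_hash($password, PASSWORD_DEFAULT);
                $valid = false;
            }
            if ($valid) {
                $pdoAttempt->prepare('DELETE FROM attempts WHERE ip = :ip')->execute(['ip' => $ip]);
                // Transparently upgrade hashes created with an older algorithm or cost.
                if (password_needs_rehash((string)$user['password'], PASSWORD_DEFAULT)) {
                    $pdo->prepare('UPDATE utilisateur SET password = :password WHERE id = :id')
                        ->execute(['password' => password_hash($password, PASSWORD_DEFAULT), 'id' => $user['id']]);
                }
                // Fresh session id before it carries the authenticated state (session fixation).
                session_regenerate_id(true);
                $_SESSION['user_id'] = $user['id'];
                header('Location: /admin/dashboard.php');
                exit;
            }
            $errors[] = 'Identifiants incorrects.';
            // Record the failure. INSERT OR IGNORE + UPDATE stays correct when two requests race on
            // the first failure (a plain INSERT would hit the PRIMARY KEY and throw). A failure after
            // the window has expired restarts the count at 1; previously the count only ever grew,
            // so once blocked, every single later failure re-blocked the IP for another full window.
            $pdoAttempt->prepare('INSERT OR IGNORE INTO attempts (ip, count, last) VALUES (:ip, 0, 0)')
                ->execute(['ip' => $ip]);
            $pdoAttempt->prepare(
                'UPDATE attempts SET count = CASE WHEN :now - last >= :window THEN 1 ELSE count + 1 END, last = :stamp WHERE ip = :ip'
            )->execute(['now' => $now, 'window' => $blockSeconds, 'stamp' => $now, 'ip' => $ip]);
        }
    }
}
?>
<!doctype html>
<html><head><meta charset="utf-8"><title>Connexion Admin</title>
<link rel="stylesheet" href="/public/assets/style.css"></head>
<body>
<h1>Connexion administrateur</h1>
<?php /* Error messages are escaped with esc() before output. */ ?>
<?php if ($errors): ?>
<ul class="message error">
<?php foreach ($errors as $e): ?><li><?php echo esc($e); ?></li><?php endforeach; ?>
</ul>
<?php endif; ?>
<form method="post" id="loginForm">
<?php /* Anti-CSRF token; the server compares it with hash_equals() before checking credentials. */ ?>
<input type="hidden" name="csrf_token" value="<?php echo esc($csrfToken); ?>">
<div class="form-field"><label>Login<br><input type="text" name="login" required autocomplete="username"></label></div>
<div class="form-field"><label>Mot de passe<br><input type="password" name="password" required autocomplete="current-password"></label></div>
<button type="submit">Se connecter</button>
</form>
<script>
// Client-side convenience only: the server re-validates both fields (and does not trim them).
document.getElementById('loginForm').addEventListener('submit', function (event) {
    const loginValue = this.login.value.trim();
    const passwordValue = this.password.value.trim();
    if (!loginValue || !passwordValue) {
        alert('Remplis tous les champs');
        event.preventDefault();
    }
});
</script>
</body></html>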