Actualiser login.php
This commit is contained in:
42
login.php
42
login.php
@@ -1,25 +1,60 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
$usersFile = 'users.json';
|
||||
$users = file_exists($usersFile) ? json_decode(file_get_contents($usersFile), true) : [];
|
||||
$message = '';
|
||||
$success = '';
|
||||
|
||||
// Initialiser les tentatives
|
||||
if (!isset($_SESSION['login_attempts'])) {
|
||||
$_SESSION['login_attempts'] = 0;
|
||||
}
|
||||
if (!isset($_SESSION['login_time'])) {
|
||||
$_SESSION['login_time'] = null;
|
||||
}
|
||||
|
||||
// Vérifier si bloqué
|
||||
$bloque = false;
|
||||
if ($_SESSION['login_attempts'] >= 3 && $_SESSION['login_time'] !== null) {
|
||||
$temps_ecoule = time() - $_SESSION['login_time'];
|
||||
if ($temps_ecoule < 300) { // 5 minutes
|
||||
$bloque = true;
|
||||
$reste = 300 - $temps_ecoule;
|
||||
$message = "Trop de tentatives. Réessayez dans " . ceil($reste / 60) . " minute(s).";
|
||||
} else {
|
||||
// Débloquer après 5 minutes
|
||||
$_SESSION['login_attempts'] = 0;
|
||||
$_SESSION['login_time'] = null;
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($_GET['registered'])) {
|
||||
$success = "Compte créé avec succès ! Connectez-vous.";
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if (!$bloque && $_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$username = trim($_POST['username']);
|
||||
$password = trim($_POST['password']);
|
||||
|
||||
if (isset($users[$username]) && password_verify($password, $users[$username]['password'])) {
|
||||
// Connexion réussie — reset tentatives
|
||||
$_SESSION['login_attempts'] = 0;
|
||||
$_SESSION['login_time'] = null;
|
||||
$_SESSION['user'] = $username;
|
||||
$_SESSION['role'] = $users[$username]['role'];
|
||||
$_SESSION['last_activity'] = time();
|
||||
header("Location: dashboard.php");
|
||||
exit();
|
||||
} else {
|
||||
$message = "Nom d'utilisateur ou mot de passe incorrect.";
|
||||
$_SESSION['login_attempts']++;
|
||||
$_SESSION['login_time'] = time();
|
||||
$restants = 3 - $_SESSION['login_attempts'];
|
||||
if ($restants > 0) {
|
||||
$message = "Identifiants incorrects. Il vous reste $restants essai(s).";
|
||||
} else {
|
||||
$message = "Trop de tentatives. Réessayez dans 5 minutes.";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -34,6 +69,8 @@ include 'include/header.php';
|
||||
<?php if ($message): ?>
|
||||
<p class="form-error"><?php echo htmlspecialchars($message); ?></p>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if (!$bloque): ?>
|
||||
<form method="POST" action="login.php">
|
||||
<label class="field-label" for="username">Nom d'utilisateur</label>
|
||||
<input id="username" type="text" name="username" placeholder="Nom d'utilisateur" required>
|
||||
@@ -47,6 +84,7 @@ include 'include/header.php';
|
||||
<button type="submit">Se connecter</button>
|
||||
</form>
|
||||
<p class="form-link">Pas encore de compte ? <a href="register.php">S'inscrire</a></p>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
|
||||
Reference in New Issue
Block a user