101 lines
3.2 KiB
PHP
101 lines
3.2 KiB
PHP
<?php
|
|
session_start();
|
|
|
|
$usersFile = 'users.json';
|
|
$users = file_exists($usersFile) ? json_decode(file_get_contents($usersFile), true) : [];
|
|
$message = '';
|
|
$success = '';
|
|
|
|
// Initialiser les tentatives
|
|
if (!isset($_SESSION['login_attempts'])) {
|
|
$_SESSION['login_attempts'] = 0;
|
|
}
|
|
if (!isset($_SESSION['login_time'])) {
|
|
$_SESSION['login_time'] = null;
|
|
}
|
|
|
|
// Message session expirée
|
|
if (isset($_GET['timeout'])) {
|
|
$message = "Session expirée. Veuillez vous reconnecter.";
|
|
}
|
|
|
|
// Vérifier si bloqué
|
|
$bloque = false;
|
|
if ($_SESSION['login_attempts'] >= 3 && $_SESSION['login_time'] !== null) {
|
|
$temps_ecoule = time() - $_SESSION['login_time'];
|
|
if ($temps_ecoule < 300) {
|
|
$bloque = true;
|
|
$reste = 300 - $temps_ecoule;
|
|
$message = "Trop de tentatives. Réessayez dans " . ceil($reste / 60) . " minute(s).";
|
|
} else {
|
|
$_SESSION['login_attempts'] = 0;
|
|
$_SESSION['login_time'] = null;
|
|
}
|
|
}
|
|
|
|
if (isset($_GET['registered'])) {
|
|
$success = "Compte créé avec succès ! En attente de validation par l'administrateur.";
|
|
}
|
|
|
|
if (!$bloque && $_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$username = trim($_POST['username']);
|
|
$password = trim($_POST['password']);
|
|
|
|
if (isset($users[$username]) && password_verify($password, $users[$username]['password'])) {
|
|
$_SESSION['login_attempts'] = 0;
|
|
$_SESSION['login_time'] = null;
|
|
$_SESSION['user'] = $username;
|
|
$_SESSION['role'] = $users[$username]['role'];
|
|
$_SESSION['last_activity'] = time();
|
|
session_regenerate_id(true);
|
|
header("Location: dashboard.php");
|
|
exit();
|
|
} else {
|
|
$_SESSION['login_attempts']++;
|
|
$_SESSION['login_time'] = time();
|
|
$restants = 3 - $_SESSION['login_attempts'];
|
|
if ($restants > 0) {
|
|
$message = "Identifiants incorrects. Il vous reste $restants essai(s).";
|
|
} else {
|
|
$message = "Trop de tentatives. Réessayez dans 5 minutes.";
|
|
}
|
|
}
|
|
}
|
|
|
|
include 'include/header.php';
|
|
?>
|
|
|
|
<div class="form-box">
|
|
<h2>Connexion</h2>
|
|
<?php if ($success): ?>
|
|
<p class="form-success"><?php echo htmlspecialchars($success); ?></p>
|
|
<?php endif; ?>
|
|
<?php if ($message): ?>
|
|
<p class="form-error"><?php echo htmlspecialchars($message); ?></p>
|
|
<?php endif; ?>
|
|
|
|
<?php if (!$bloque): ?>
|
|
<form method="POST" action="login.php">
|
|
<label class="field-label" for="username">Nom d'utilisateur</label>
|
|
<input id="username" type="text" name="username" placeholder="Nom d'utilisateur" required>
|
|
|
|
<label class="field-label" for="password">Mot de passe</label>
|
|
<div class="password-wrapper">
|
|
<input id="password" type="password" name="password" placeholder="Mot de passe" required>
|
|
<button type="button" class="toggle-password" onclick="togglePassword()">👁️</button>
|
|
</div>
|
|
|
|
<button type="submit">Se connecter</button>
|
|
</form>
|
|
<p class="form-link">Pas encore de compte ? <a href="register.php">S'inscrire</a></p>
|
|
<?php endif; ?>
|
|
</div>
|
|
|
|
<script>
|
|
function togglePassword() {
|
|
const input = document.getElementById('password');
|
|
input.type = input.type === 'password' ? 'text' : 'password';
|
|
}
|
|
</script>
|
|
|
|
<?php include 'include/footer.php'; ?>
|