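<?php
// gestionLogin.php — handles the login form submission.
//
// Flow: decide the post-login target, short-circuit if the session is already
// authenticated, look the submitted username/e-mail up in `Personne`, compare the
// password, fill the session, optionally set the "remember me" cookies, record the
// login in `HistoriqueLogin`, then redirect. Every outcome ends in a Location
// header followed by exit(), so no later code can overwrite the redirect.
session_start();
require('config.php');
include "includes/var.href.inc.php";

// Post-login target. ?redirect= may override the default, but only with a
// site-local absolute path. The value is appended to "$protocol://$host$uri", so
// an unchecked value not starting with "/" (e.g. ".other.example") or starting
// with "//" could make the Location header point at another host (open redirect).
$afterLoginTarget = VAR_HREF_PAGE_ADMIN;
if (isset($_GET['redirect']) && is_string($_GET['redirect']) && $_GET['redirect'] != '') {
    $cibleDemandee = urldecode($_GET['redirect']);
    $premierCar = substr($cibleDemandee, 0, 1);
    $secondCar = substr($cibleDemandee, 1, 1);
    if ($premierCar === '/' && $secondCar !== '/' && $secondCar !== '\\') {
        $afterLoginTarget = $cibleDemandee;
    }
}

// Scheme, host and base path used to build absolute Location headers.
// X-Forwarded-Proto is only meaningful behind a reverse proxy that sets it, and
// HTTP_HOST is whatever the client sent — presumably the deployment pins the
// host at the web-server level; verify.
$protocol = (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ? 'https' : 'http';
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$baseUrl = "$protocol://$host$uri";

// Already logged in (e.g. from another window while this one stayed on the login
// page): a userLevel below 100 is treated as an authenticated session.
// The isset() guard is needed because an absent key also compares as "< 100",
// and the exit() is needed because a later header() call would otherwise
// replace this Location header.
if (isset($_SESSION["__userLevel__"]) && $_SESSION["__userLevel__"] < 100) {
    header("Location: " . $baseUrl . $afterLoginTarget, true);
    exit();
}

// Present this page as the admin section.
$PHP_SELF = VAR_HREF_PAGE_ADMIN;

// Were all form fields submitted (as plain strings)?
if (isset($_POST["login"]) && isset($_POST["username"]) && isset($_POST["password"])
    && is_string($_POST["username"]) && is_string($_POST["password"])) {
    // mysql_real_escape_string() needs the connection config.php presumably opens.
    // The legacy mysql_* extension has no bound parameters, so the escaped value is
    // still concatenated into the query text. TODO: migrate to mysqli/PDO prepared statements.
    $usernameLogin = strtolower(mysql_real_escape_string(strip_tags($_POST["username"])));
    $requeteSQL = "SELECT p.id, nom, prenom, username, userLevel, password, idClub, gestionMembresClub, c.nbIdClub
FROM `Personne` p, `clubs` c
WHERE (p.`username`='" . $usernameLogin . "' OR p.email = '" . $usernameLogin . "')
AND p.`idClub`=c.`id`";
    $resultatSQL = mysql_query($requeteSQL);
    if (!$resultatSQL) {
        // Query error (fail-4), distinct from "no such user" (fail-1).
        header("Location: $baseUrl/login-fail-4", true);
        exit();
    }

    $record = mysql_fetch_array($resultatSQL);
    if ($record === false) {
        header("Location: $baseUrl/login-fail-1", true);
        exit();
    }

    // Passwords are stored as unsalted MD5 digests (existing schema; changing the
    // hash algorithm needs a data migration and is out of scope here).
    // hash_equals() replaces the loose == comparison: with ==, two digests of the
    // form "0e<digits>" compare equal as numeric strings, and hash_equals() is
    // also constant-time. Requires PHP >= 5.6.
    if (!hash_equals((string) $record['password'], md5($_POST["password"]))) {
        header("Location: $baseUrl/login-fail-1", true);
        exit();
    }

    // Authenticated: issue a fresh session id so that an id fixed before login
    // (session fixation) is not carried over into the authenticated session.
    session_regenerate_id(true);
    $_SESSION["__nom__"] = $record['nom'];
    $_SESSION["__prenom__"] = $record['prenom'];
    $_SESSION["__idUser__"] = $record['id'];
    $_SESSION["__username__"] = $record['username'];
    $_SESSION["__userLevel__"] = $record['userLevel'];
    $_SESSION['__authdata__'] = base64_encode($record['username'] . ':' . $record['password']);
    $_SESSION["__idClub__"] = $record['idClub'];
    $_SESSION["__nbIdClub__"] = $record['nbIdClub'];
    $_SESSION["__gestionMembresClub__"] = $record['gestionMembresClub'];

    // "Remember me" cookies, valid three months.
    // NOTE(review): the stored password digest itself is written to the client
    // cookie. The auto-login reader (not in this file) would have to switch to a
    // random, server-side token for that exposure to go away; here the cookies
    // are at least HttpOnly, and Secure when the request was seen as HTTPS.
    if (isset($_POST["autoConnect"]) && $_POST["autoConnect"] != "") {
        $troisMois = time() + (3600 * 24 * 30) * 3;
        $cookieSecure = ($protocol === 'https');
        setcookie("login[username]", $_SESSION["__username__"], $troisMois, "/", "", $cookieSecure, true);
        setcookie("login[password]", $record["password"], $troisMois, "/", "", $cookieSecure, true);
    }

    // Record the login in the history table. The username comes from the database,
    // but it is escaped anyway because it is spliced into query text.
    $maintenant = getdate();
    $usernameHistorique = mysql_real_escape_string($record["username"]);
    $requeteSQL = "INSERT INTO `HistoriqueLogin` ( `username` , `date` , `heure` )
VALUES ('" . $usernameHistorique . "', '" . $maintenant["year"] . "-" . $maintenant["mon"] . "-" . $maintenant["mday"] . "', '" . $maintenant["hours"] . ":" . $maintenant["minutes"] . ":" . $maintenant["seconds"] . "')";
    mysql_query($requeteSQL);

    header("Location: " . $baseUrl . $afterLoginTarget, true);
    exit();
} else {
    // Form fields missing (fail-3).
    header("Location: $baseUrl/login-fail-3", true);
    exit();
}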