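<?php
/**
 * Employee login endpoint.
 *
 * Reads `login` and `mdp` (password) from the POST body, looks the account up
 * in the `salarie` table, opens a PHP session, records the connection in the
 * `connexions` table and answers with a JSON object:
 *   - success: 0 = failure, 1 = employee, 2 = HR employee (sal_idService == 2)
 *   - message: human-readable status (French)
 *   - token:   present on success only
 *
 * $db is expected to be a PDO handle created by the included files; it is not
 * defined in this script.
 *
 * NOTE(review): the lookup compares the submitted password with the `sal_mdp`
 * column directly, so passwords are stored in clear text. Migrating the column
 * to password_hash() values checked with password_verify() needs a data
 * migration and is therefore not done here.
 * NOTE(review): no throttling of failed attempts is visible in this file;
 * confirm it is enforced elsewhere.
 */

// The script cannot work without these files, so fail hard if one is missing.
require_once 'includes/functions.php';
require_once 'includes/classes.php';

// Ends the request with the given payload encoded as JSON.
$sendJson = static function (array $payload) {
    die(json_encode($payload));
};

$login = $_POST['login'] ?? null;
$mdp = $_POST['mdp'] ?? null;

// Reject missing or empty fields, and non-string input such as `login[]=x`,
// which would otherwise reach the comparisons and the bound parameters as an array.
if (!is_string($login) || !is_string($mdp) || empty($login) || empty($mdp)) {
    $sendJson([
        'success' => 0,
        'message' => "Login ou mot de passe vide !",
    ]);
}

try {
    $stmt = $db->prepare(
        "SELECT *
        FROM salarie where
        sal_login=:login
        and sal_mdp=:mdp;"
    );
    $stmt->execute([
        ':login' => $login,
        ':mdp' => $mdp,
    ]);
    $row = $stmt->fetch();
} catch (PDOException $ex) {
    $sendJson([
        'success' => 0,
        'message' => "Erreur dans la base de données (PDOException) !",
    ]);
}

// The database collation may match values that are not byte-identical
// (case, trailing spaces), so both fields are re-checked here: strict equality
// for the login, constant-time comparison for the password.
$credentialsMatch = $row
    && $login === (string) $row['sal_login']
    && hash_equals((string) $row['sal_mdp'], $mdp);

if (!$credentialsMatch) {
    // Same answer whether the row is missing or the re-check failed, so the
    // client always receives a response and cannot tell the two cases apart.
    $sendJson([
        'success' => 0,
        'message' => "Login ou mot de passe inconnu !",
    ]);
}

try {
    $stmt = $db->prepare("SELECT * FROM connexions where login=:login;");
    $stmt->execute([':login' => $row['sal_login']]);
    $verif = $stmt->fetch(PDO::FETCH_OBJ);

    if ($verif) {
        // A previous connection exists: resume that session, then rotate its
        // identifier and drop the old record.
        // NOTE(review): the token returned to the client on this path is the
        // session identifier itself, and it is stored in `connexions`; anyone
        // able to read that table can reuse it. Consider storing a hash.
        session_id($verif->token);
        session_start();
        session_regenerate_id(true);

        $stmt = $db->prepare("DELETE FROM connexions where login=:login");
        $stmt->execute([':login' => $row['sal_login']]);

        $token = session_id();
    } else {
        session_start();
        // Rotate the identifier at login so a session id supplied before
        // authentication is not kept for the authenticated session.
        session_regenerate_id(true);

        // 128 bits from the CSPRNG, hex-encoded to the same 32-character
        // format as the previous md5-based token.
        $token = bin2hex(random_bytes(16));
        $_SESSION['token'] = $token;
    }

    $_SESSION['user'] = new User($row['sal_id']);

    $stmt = $db->prepare("INSERT INTO connexions values (:token, CURDATE(), CURTIME(), :login);");
    $stmt->execute([
        ':login' => $row['sal_login'],
        ':token' => $token,
    ]);
} catch (PDOException $ex) {
    // Session bookkeeping failed: report it like the lookup failure instead of
    // letting an uncaught exception reach the client.
    $sendJson([
        'success' => 0,
        'message' => "Erreur dans la base de données (PDOException) !",
    ]);
}

// Service id 2 identifies HR staff, who get the admin flag in their session.
$isHr = (int) $row['sal_idService'] === 2;
$_SESSION['admin'] = $isHr;

$sendJson([
    'token' => $token,
    'success' => $isHr ? 2 : 1,
    'message' => $isHr
        ? "Employé RH identifié avec succès !"
        : "Employé identifié avec succès !",
]);
?>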