forked from rebillar/site-accueil-insa
login INSA admin page
parent
83d69d7ab2
commit
2f99e486e5
3 changed files with 45 additions and 29 deletions
|
@ -2,5 +2,8 @@
|
|||
session_start();
|
||||
$_SESSION = array();
|
||||
session_destroy();
|
||||
header("Location: index.php");
|
||||
require_once("../phpCAS-1.3.6/CAS.php");
|
||||
phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas', true);
|
||||
phpCAS::setNoCasServerValidation();
|
||||
phpCAS::logout();
|
||||
?>
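Review bot: `phpCAS::setNoCasServerValidation()` turns off certificate verification of cas.insa-toulouse.fr here, and the same call is added to the login path in the index page section of this commit, right under the phpCAS sample comment saying it is not recommended for production. Without validation, the ticket-validation response that names the authenticated user is not protected against an on-path party, so admin login rests on an unauthenticated channel. Replace it in both places with `phpCAS::setCasServerCACert($cas_server_ca_cert_path);` pointing at the CA bundle that issued the CAS server certificate. The hunk also appears to drop `header("Location: index.php")`, so it is worth confirming where `phpCAS::logout()` leaves the user afterwards.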
|
|
@ -70,11 +70,10 @@ if(isset($_GET['adm']) AND !empty($_GET['adm']))
|
|||
|
||||
|
||||
if(isset($_POST['send'])) {
|
||||
if(isset($_POST['pseudo']) AND !empty($_POST['pseudo']) AND isset($_POST['mdp']) AND !empty($_POST['mdp']) AND isset($_POST['perm']) AND !empty($_POST['perm'])) {
|
||||
if(isset($_POST['pseudo']) AND !empty($_POST['pseudo']) AND isset($_POST['perm']) AND !empty($_POST['perm'])) {
|
||||
|
||||
if($user['perm'] >= 2) {
|
||||
$pseudo = htmlspecialchars($_POST['pseudo']);
|
||||
$mdp = htmlspecialchars($_POST['mdp']);
|
||||
$perm = htmlspecialchars($_POST['perm']);
|
||||
|
||||
switch ($perm) {
|
||||
|
@ -94,8 +93,8 @@ if(isset($_POST['send'])) {
|
|||
$req->execute(array($pseudo));
|
||||
$pseudo_exist = $req->rowCount();
|
||||
if ($pseudo_exist == 0) {
|
||||
$req = $db->prepare("INSERT INTO admin(pseudo, mdp, perm) VALUES(?, ?, ?)");
|
||||
$req->execute(array($pseudo, password_hash($mdp, PASSWORD_DEFAULT), $perm_int));
|
||||
$req = $db->prepare("INSERT INTO admin(pseudo, perm) VALUES(?, ?)");
|
||||
$req->execute(array($pseudo, $perm_int));
|
||||
header('refresh:0');
|
||||
} else {
|
||||
$error = "pseudo déja utilisé";
|
||||
|
@ -119,8 +118,7 @@ if(isset($_POST['send'])) {
|
|||
<body>
|
||||
<main>
|
||||
<form method="POST">
|
||||
<input type="text" placeholder="identifiant" name="pseudo" class="input_inline">
|
||||
<input type="password" placeholder="mot de passe" name="mdp" class="input_inline">
|
||||
<input type="text" placeholder="identifiant INSA" name="pseudo" class="input_inline">
|
||||
<select name="perm" class="input_inline">
|
||||
<option value="v0">GDA - Perm 0</option>
|
||||
<option value="v1">Bureau - Perm 1</option>
|
||||
|
@ -137,7 +135,7 @@ if(isset($_POST['send'])) {
|
|||
<table class="acces">
|
||||
<tr>
|
||||
<th width="10%">ID (db)</td>
|
||||
<th width="40%">Identifiant</td>
|
||||
<th width="40%">Identifiant INSA</td>
|
||||
<th width="40%">Perm</td>
|
||||
<th width="10%">Actions</td>
|
||||
</tr>
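Review bot: The `INSERT INTO admin(pseudo, perm)` branch now grants admin access to whatever identifier is posted, with no password attached to the account, yet the `<form method="POST">` in the third hunk shows no anti-CSRF token and the visible handler checks only `isset($_POST['send'])` and `$user['perm'] >= 2`. Add a per-session token as a hidden field and verify it before the insert, for example `if (empty($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], (string)($_POST['csrf'] ?? ''))) { exit; }` (the key name is illustrative). The stored value is `htmlspecialchars($_POST['pseudo'])`, which the login page later compares with `phpCAS::getUser()`; storing the trimmed raw identifier and escaping only on output would avoid silent mismatches. The handler and the form both continue outside the visible hunks, so a token check elsewhere in the file cannot be ruled out.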
|
||||
|
|
|
@ -1,31 +1,48 @@
|
|||
<?php
|
||||
$page = "index";
|
||||
include "script.php";
|
||||
if(isset($_POST['login'])) {
|
||||
if (!empty($_POST['pseudo']) and !empty($_POST['password'])) {
|
||||
$pseudo = htmlspecialchars($_POST['pseudo']);
|
||||
$password = htmlspecialchars($_POST['password']);
|
||||
//CAS
|
||||
require_once("../phpCAS-1.3.6/CAS.php");
|
||||
|
||||
$req = $db->prepare("SELECT id, mdp FROM admin WHERE pseudo = ?");
|
||||
$req->execute(array($pseudo));
|
||||
$user_exist = $req->rowcount();
|
||||
if ($user_exist == 1) {
|
||||
// Initialize phpCAS
|
||||
phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas', true);
|
||||
|
||||
// For production use set the CA certificate that is the issuer of the cert
|
||||
// on the CAS server and uncomment the line below
|
||||
// phpCAS::setCasServerCACert($cas_server_ca_cert_path);
|
||||
|
||||
// For quick testing you can disable SSL validation of the CAS server.
|
||||
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
|
||||
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
|
||||
phpCAS::setNoCasServerValidation();
|
||||
|
||||
// force CAS authentication
|
||||
phpCAS::forceAuthentication();
|
||||
|
||||
// at this step, the user has been authenticated by the CAS server
|
||||
// and the user's login name can be read with phpCAS::getUser().
|
||||
$pseudo = phpCAS::getUser();
|
||||
|
||||
if(!isset($_SESSION['id'])) {
|
||||
$req = $db->prepare("SELECT id FROM admin WHERE pseudo = ?");
|
||||
$req->execute(array($pseudo));
|
||||
$user_exist = $req->rowcount();
|
||||
if ($user_exist == 1) {
|
||||
while ($user_login = $req->fetch()) {
|
||||
$passwd = $user_login['mdp'];
|
||||
if ((password_verify($password, $passwd)) == 1) {
|
||||
$_SESSION['id'] = $user_login['id'];
|
||||
header('Refresh:0');
|
||||
} else {
|
||||
$error = "Mot de passe invalide !";
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$error = "Identifiant invalide !";
|
||||
$_SESSION['id'] = $user_login['id'];
|
||||
header('Refresh:0');
|
||||
}
|
||||
} else {
|
||||
$error = "Tout les champs doivent être complétés";
|
||||
$error = "Identifiant invalide !";
|
||||
}
|
||||
}
|
||||
|
||||
if(isset($_POST['login'])) {
|
||||
session_start();
|
||||
$_SESSION = array();
|
||||
session_destroy();
|
||||
header('Refresh:0');
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
@ -54,8 +71,6 @@ if(isset($_POST['login'])) {
|
|||
} else {
|
||||
?>
|
||||
<form method="POST">
|
||||
<input type="text" placeholder="Identifiant" name="pseudo" class="input">
|
||||
<input type="password" placeholder="mot de passe" name="password" class="input">
|
||||
<input type="submit" name="login" value="Se connecter" class="submit">
|
||||
</form>
|
||||
<?php
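Review bot: On the new side `$_SESSION['id'] = $user_login['id'];` seems to run without any `fetch()`, because the only assignment of `$user_login` is the `while ($user_login = $req->fetch())` loop that belongs to the removed password check. The page has lost its +/- markers, so this is inferred from the `-1,31 +1,48` header and should be confirmed against the file. If it holds, the session id is set from an undefined variable and a CAS-authenticated admin is never recognised by `isset($_SESSION['id'])`. Fetch the row first and rotate the session id at the privilege change: `$user_login = $req->fetch(); session_regenerate_id(true); $_SESSION['id'] = $user_login['id'];`. `header('Refresh:0')` should also be followed by `exit;` so that nothing below it renders for that request.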
|
||||
|
|