login INSA admin page

This commit is contained in:
Baptiste 2022-07-10 18:08:53 +02:00
parent 83d69d7ab2
commit 2f99e486e5
3 changed files with 45 additions and 29 deletions


@ -2,5 +2,8 @@
session_start(); session_start();
$_SESSION = array(); $_SESSION = array();
session_destroy(); session_destroy();
header("Location: index.php"); require_once("../phpCAS-1.3.6/CAS.php");
phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas', true);
phpCAS::setNoCasServerValidation();
phpCAS::logout();
?> ?>
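Review bot: `phpCAS::setNoCasServerValidation()` on the new line before `phpCAS::logout()` turns off certificate validation of cas.insa-toulouse.fr, so nothing checks that the server this page (and index.php, which repeats the same call after the "NOT RECOMMENDED FOR PRODUCTION" comment it pastes in) talks to is the real CAS instance; for a production deployment the validation response, and hence every username the app accepts, cannot be trusted without it. Replace the call in both files with the CA pinning the pasted comment already describes, `phpCAS::setCasServerCACert('<path-to-ca-bundle>');` (placeholder path). The removed `header("Location: index.php")` also means the user is no longer sent back to the site after logout; if that is wanted, phpCAS 1.3.x offers `phpCAS::logoutWithRedirectService($url)` in place of the bare `logout()`.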


@ -70,11 +70,10 @@ if(isset($_GET['adm']) AND !empty($_GET['adm']))
if(isset($_POST['send'])) { if(isset($_POST['send'])) {
if(isset($_POST['pseudo']) AND !empty($_POST['pseudo']) AND isset($_POST['mdp']) AND !empty($_POST['mdp']) AND isset($_POST['perm']) AND !empty($_POST['perm'])) { if(isset($_POST['pseudo']) AND !empty($_POST['pseudo']) AND isset($_POST['perm']) AND !empty($_POST['perm'])) {
if($user['perm'] >= 2) { if($user['perm'] >= 2) {
$pseudo = htmlspecialchars($_POST['pseudo']); $pseudo = htmlspecialchars($_POST['pseudo']);
$mdp = htmlspecialchars($_POST['mdp']);
$perm = htmlspecialchars($_POST['perm']); $perm = htmlspecialchars($_POST['perm']);
switch ($perm) { switch ($perm) {
@ -94,8 +93,8 @@ if(isset($_POST['send'])) {
$req->execute(array($pseudo)); $req->execute(array($pseudo));
$pseudo_exist = $req->rowCount(); $pseudo_exist = $req->rowCount();
if ($pseudo_exist == 0) { if ($pseudo_exist == 0) {
$req = $db->prepare("INSERT INTO admin(pseudo, mdp, perm) VALUES(?, ?, ?)"); $req = $db->prepare("INSERT INTO admin(pseudo, perm) VALUES(?, ?)");
$req->execute(array($pseudo, password_hash($mdp, PASSWORD_DEFAULT), $perm_int)); $req->execute(array($pseudo, $perm_int));
header('refresh:0'); header('refresh:0');
} else { } else {
$error = "pseudo déja utilisé"; $error = "pseudo déja utilisé";
@ -119,8 +118,7 @@ if(isset($_POST['send'])) {
<body> <body>
<main> <main>
<form method="POST"> <form method="POST">
<input type="text" placeholder="identifiant" name="pseudo" class="input_inline"> <input type="text" placeholder="identifiant INSA" name="pseudo" class="input_inline">
<input type="password" placeholder="mot de passe" name="mdp" class="input_inline">
<select name="perm" class="input_inline"> <select name="perm" class="input_inline">
<option value="v0">GDA - Perm 0</option> <option value="v0">GDA - Perm 0</option>
<option value="v1">Bureau - Perm 1</option> <option value="v1">Bureau - Perm 1</option>
@ -137,7 +135,7 @@ if(isset($_POST['send'])) {
<table class="acces"> <table class="acces">
<tr> <tr>
<th width="10%">ID (db)</td> <th width="10%">ID (db)</td>
<th width="40%">Identifiant</td> <th width="40%">Identifiant INSA</td>
<th width="40%">Perm</td> <th width="40%">Perm</td>
<th width="10%">Actions</td> <th width="10%">Actions</td>
</tr> </tr>
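Review bot: The `$pseudo = htmlspecialchars($_POST['pseudo'])` kept in the first hunk now feeds the parameterised `INSERT INTO admin(pseudo, perm)` of the second hunk, so the stored login is HTML-encoded, while index.php in this same commit looks the column up with the raw `phpCAS::getUser()` value; any INSA login containing `&`, `'`, `"` or `<` would be stored encoded and never match at login. Escaping belongs at the output context, not at storage: use `$pseudo = trim($_POST['pseudo']);` here and apply `htmlspecialchars()` where the `acces` table prints the identifier. The `$_POST['perm']` value still goes through `htmlspecialchars()` and a `switch` that starts inside and ends outside the hunk, so I cannot tell from here whether an unexpected value leaves `$perm_int` unset before the INSERT; worth confirming. All three hunks sit inside `if(isset($_GET['adm']) ...)` / `if(isset($_POST['send']))` blocks whose start and end lie outside the hunk.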


@ -1,31 +1,48 @@
<?php <?php
$page = "index"; $page = "index";
include "script.php"; include "script.php";
if(isset($_POST['login'])) { //CAS
if (!empty($_POST['pseudo']) and !empty($_POST['password'])) { require_once("../phpCAS-1.3.6/CAS.php");
$pseudo = htmlspecialchars($_POST['pseudo']);
$password = htmlspecialchars($_POST['password']);
$req = $db->prepare("SELECT id, mdp FROM admin WHERE pseudo = ?"); // Initialize phpCAS
$req->execute(array($pseudo)); phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas', true);
$user_exist = $req->rowcount();
if ($user_exist == 1) { // For production use set the CA certificate that is the issuer of the cert
// on the CAS server and uncomment the line below
// phpCAS::setCasServerCACert($cas_server_ca_cert_path);
// For quick testing you can disable SSL validation of the CAS server.
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
phpCAS::setNoCasServerValidation();
// force CAS authentication
phpCAS::forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().
$pseudo = phpCAS::getUser();
if(!isset($_SESSION['id'])) {
$req = $db->prepare("SELECT id FROM admin WHERE pseudo = ?");
$req->execute(array($pseudo));
$user_exist = $req->rowcount();
if ($user_exist == 1) {
while ($user_login = $req->fetch()) { while ($user_login = $req->fetch()) {
$passwd = $user_login['mdp']; $_SESSION['id'] = $user_login['id'];
if ((password_verify($password, $passwd)) == 1) { header('Refresh:0');
$_SESSION['id'] = $user_login['id'];
header('Refresh:0');
} else {
$error = "Mot de passe invalide !";
}
}
} else {
$error = "Identifiant invalide !";
} }
} else { } else {
$error = "Tout les champs doivent être complétés"; $error = "Identifiant invalide !";
} }
} }
if(isset($_POST['login'])) {
session_start();
$_SESSION = array();
session_destroy();
header('Refresh:0');
}
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
@ -54,8 +71,6 @@ if(isset($_POST['login'])) {
} else { } else {
?> ?>
<form method="POST"> <form method="POST">
<input type="text" placeholder="Identifiant" name="pseudo" class="input">
<input type="password" placeholder="mot de passe" name="password" class="input">
<input type="submit" name="login" value="Se connecter" class="submit"> <input type="submit" name="login" value="Se connecter" class="submit">
</form> </form>
<?php <?php
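Review bot: The new `if(isset($_POST['login']))` branch at the end of the first hunk only clears the PHP session and refreshes, but `phpCAS::forceAuthentication()` runs unconditionally at the top of the same page, so on that refresh the CAS single-sign-on session presumably re-authenticates the user and `$_SESSION['id']` is re-created at once; the button therefore does not end the CAS login. Make the branch delegate to CAS instead, `$_SESSION = array(); session_destroy(); phpCAS::logout();` (this is what the separate logout page in this commit already does), or redirect to that page. The `session_start()` inside that branch also looks redundant: `$_SESSION['id']` is read earlier on the same page, which suggests a session is already active (likely from `script.php`, outside this view), and a second `session_start()` raises a notice. In the second hunk the surviving submit keeps `name="login"` and the label "Se connecter", so the control that now destroys the session is still presented as a login button; its enclosing `else` starts outside the hunk, so I cannot confirm when it is shown.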