$form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
if (!$form_email) {
- echo "The email is not valid <br>";
-} else {
- $sql_pquery = "select count(NumCI) from CLIENTS where EmailCI = ?";
-
- echo "This email do not belong to a registred client, please register first <br>";
-
- if (password_verify($form_password, $stored_password)) {
-
+ echo "The email is not valid. <br>";
+ redirect("index.php?page=login", 3);
+} elseif (isset($form_email) && isset($form_password)) {
+ if (chk_account($form_email)) {
+ if (chk_password($form_email, $form_password)) {
+ // authentification okay, setup session
+ session_regenerate_id(true);
+ $_SESSION['email'] = $form_email;
+ $_SESSION['IP_address'] = $_SERVER['REMOTE_ADDR'];
+ // redirect to required page
+ echo "You're successfully authenticated. <br>";
+ redirect("index.php", 3);
+ } else {
+ echo "Your password is incorrect for the account email " . $form_email . ". <br>";
+ echo "<a href=\"javascript:history.go(-1)\">Retour</a>";
+ }
+ } else {
+ echo "You do not have an account for the email " . $form_email . ". <br>";
+ echo "Please register first.";
+ redirect("index.php?page=register", 3);
}
+} else {
+ // didn't authenticate for unknown reason, go back to login form
+ echo "Fail to authenticate for unknown reason. <br>";
+ redirect("index.php?page=login", 3);
}
+
?>