X-Git-Url: https://git.piment-noir.org/?p=Project_webapp.git;a=blobdiff_plain;f=includes%2Fformlogin.php;h=73cdff0e2f1ed3e899364925902ee1a08cdad50a;hp=8da2e2c02c7a035f655a44fe33f9e31918f283a5;hb=a96fefe119b8c91c2f5ae6ad04e11af676e5540b;hpb=b5f60f89589412e18b51326378ab13b9a4fa0f19

diff --git a/includes/formlogin.php b/includes/formlogin.php
index 8da2e2c..73cdff0 100644
--- a/includes/formlogin.php
+++ b/includes/formlogin.php
@@ -3,14 +3,28 @@ $form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL);
 $form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
 
 if (!$form_email) {
-    echo "The email is not valid <br>";
-} else {
-    $sql_pquery = "select count(NumCI) from CLIENTS where EmailCI = ?";
-
-    echo "This email do not belong to a registred client, please register first <br>";
-
-    if (password_verify($form_password, $stored_password)) {
-
+    echo "The email is not valid. <br>";
+} elseif (isset($form_email) && isset($form_password)) {
+    if (chk_account($form_email)) {
+        if (chk_password($form_email, $form_password)) {
+            // authentification okay, setup session
+            session_regenerate_id(true);
+            $_SESSION['email'] = $form_email;
+            $_SESSION['IP_address'] = $_SERVER['REMOTE_ADDR'];
+            // redirect to required page
+            echo "You're successfully authenticated. <br>";
+            redirect("index.php", 3);
+        } else {
+            echo "Your password is incorrect for the account email" . $form_email . ". <br>";
+            echo "<a href=\"javascript:history.go(-1)\">Retour</a>";
+        }
+    } else {
+        echo "You do not have an account for the email " . $form_email . ". <br>";
+        echo "Please register first.";
+        redirect("index.php?page=register", 3);
     }
+} else {
+    // didn't authenticate, go back to login form
+    echo "Fail to authenticate. <br>";
+    redirect("index.php?page=login", 3);
 }
-?>