Skip to content

Fix parsing errors in public/src/signin.php and harden sign-in flow #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Kvnbbg merged 1 commit into from
Mar 29, 2026
Merged

Fix parsing errors in public/src/signin.php and harden sign-in flow #63

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
103 changes: 54 additions & 49 deletions public/src/signin.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,73 +1,78 @@
<?php
// signin.php - Hnadles the sign in process and authentication
// signin.php - Handles sign-in process and authentication
// Developer: Kevin Marville https://github.com/kvnbbg

declare(strict_types=1);

require_once 'db_config.php';
// log in attempt with email and password and return status
>>>>>>>>>>DOCIFY-START - dwbeiownppys >>>>>>>>>>

/**
* Log an attempt to the database. This is a helper function for log (). The $conn parameter is the number of the connection that was used to create the database.
*
* @param $conn
* @param $email
* @param $status
*/
>>>>>>>>>>DOCIFY-END - dwbeiownppys >>>>>>>>>>
function logAttempt($conn, $email, $status) {
$stmt - $conn->prepare("INSERT INTO tentatives_connexion (email, status, timestamp) VALUES (?, ?, ?)");
$timestamp = date("Y-m-d H:i:s");
$stmt->bind_param("sss", $email, $status, $timestamp);
* Log a sign-in attempt in the database.
*/
function logAttempt(mysqli $conn, string $email, string $status): void
{
$stmt = $conn->prepare('INSERT INTO tentatives_connexion (email, status, timestamp) VALUES (?, ?, ?)');
if (!$stmt) {
return;
}

$timestamp = date('Y-m-d H:i:s');
$stmt->bind_param('sss', $email, $status, $timestamp);
$stmt->execute();
$stmt->close();
}

>>>>>>>>>>DOCIFY-START - wpvowxawvfpd >>>>>>>>>>
/**
* Function to send an alert to the administrators. This is a wrapper for mail () with subject and headers
*
* @param $emai
* @param $status
*/
>>>>>>>>>>DOCIFY-END - wpvowxawvfpd >>>>>>>>>>
function sendAlert($emai, $status) {
$adminEmail = "admin@votredomaine.com";
$subject = "Alerte: Tentative de connexion";
$message = "Bonjour, il y a eu une tentative de connexion avec le statut: $status pour l'adresse email: $email à " . date("Y-m-d H:i:s");
$headers = "From: $adminEmail";
mail($adminEmail, $subject, $message, $headers);
* Send an alert email to administrators.
*/
function sendAlert(string $email, string $status): void
{
$adminEmail = 'admin@votredomaine.com';
$subject = 'Alerte: Tentative de connexion';
$message = "Bonjour, il y a eu une tentative de connexion avec le statut: {$status} pour l'adresse email: {$email} à " . date('Y-m-d H:i:s');
$headers = "From: {$adminEmail}";

@mail($adminEmail, $subject, $message, $headers);
}

>>>>>>>>>>DOCIFY-START - igqfzvydvntj >>>>>>>>>>
// Méthode non autorisée. Méthode non autorisée.
>>>>>>>>>>DOCIFY-END - igqfzvydvntj >>>>>>>>>>
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = $_POST["email"];
$password = $_POST["password"];
$stmt = $conn->prepare("SELECT mot_de_passe FROM Utilisateur WHERE email = ?");
$stmt->bind_param("s", $email);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$email = isset($_POST['email']) ? trim((string) $_POST['email']) : '';
$password = isset($_POST['password']) ? (string) $_POST['password'] : '';

if ($email === '' || $password === '') {
http_response_code(400);
echo 'Email et mot de passe requis';
$conn->close();
exit;
}

$stmt = $conn->prepare('SELECT mot_de_passe FROM Utilisateur WHERE email = ?');
if (!$stmt) {
http_response_code(500);
echo 'Erreur interne';
$conn->close();
exit;
}

$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->bind_result($stored_password_hash);
$stmt->bind_result($storedPasswordHash);
$stmt->fetch();
$stmt->close();

>>>>>>>>>>DOCIFY-START - rfjqrtleqxax >>>>>>>>>>
// Check if the password is correct or not
>>>>>>>>>>DOCIFY-END - rfjqrtleqxax >>>>>>>>>>
if ($stored_password_hash && password_verify($password, $stored_password_hash)) {
// Password is correct, log in the user
logAttempt($conn, $email, "success");
sendAlert($email, "réussie");
if (is_string($storedPasswordHash) && password_verify($password, $storedPasswordHash)) {
logAttempt($conn, $email, 'success');
sendAlert($email, 'réussie');
echo 'Connexion réussie';
} else {
// Password is incorrect, log the attempt
logAttempt($conn, $email, "failed");
sendAlert($email, "échouée");
http_response_code(401); // Unauthorized
logAttempt($conn, $email, 'failed');
sendAlert($email, 'échouée');
http_response_code(401);
echo 'Connexion échouée, les identifiants ne correspondent pas';
}
} else {
http_response_code(405); // Method Not Allowed
http_response_code(405);
echo 'Méthode non autorisée';
}

$conn->close();
?>
Loading