Bonjour,
connectdb.php
<?php
// Connection settings. Files that include this script rely on the default
// mysql_* link it opens, so the variable names and calls are kept as they are.
// NOTE(review): 'root' with an empty password is a local-development default.
// A deployed site should use a dedicated account limited to this one database,
// with its credentials stored outside the web root.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; mysqli or PDO
// with prepared statements is the replacement, and every file that includes
// this one would have to move at the same time.
$serveur = 'localhost';
$user = 'root';
$passwd = '';
$bdd = 'dbase';

// Open the server connection; stop with a generic message if it fails.
if (!mysql_connect($serveur, $user, $passwd)) {
    die('Erreur de connexion !');
}

// Select the working database; stop with a generic message if it fails.
if (!mysql_select_db($bdd)) {
    die('Erreur de bdd !');
}
?>
index.php
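<?php
// index.php - shows the sign-in form, or sends an already signed-in visitor
// straight to room.php.
session_start();
// Open the database connection.
include 'connectdb.php';

// Strict comparison: only the boolean true that login.php stores counts as
// signed in, not any other truthy value that might end up in the session.
if (isset($_SESSION['authentified']) && $_SESSION['authentified'] === true) {
    mysql_close();
    header("location: room.php");
    // header() only queues the redirect; exit makes sure nothing after this
    // point runs or is sent for this request.
    exit;
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" type="text/css" href="style.css" />
<title>Puissance 4</title>
</head>
<fieldset>
Connexion
<form name="login" method="post" action="login.php">
Pseudo *
Password *
Email
</form>
</fieldset>
</html>
<?php
// Close the database connection.
mysql_close();
?>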
login.php
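<?php
// login.php - handles the form posted by index.php. A known pseudo/password
// pair signs the player in (and refreshes the stored email); an unused pseudo
// is registered and signed in. Every other outcome goes back to index.php
// without touching the session.
session_start();
// Open the database connection (connectdb.php creates the default mysql_* link).
include 'connectdb.php';

// Only string fields are accepted: a request can submit an array under the
// same name, which htmlspecialchars() cannot process.
// NOTE(review): htmlspecialchars() is an output encoder. It is applied before
// storage here only so that values keep matching rows that are already stored;
// escaping for HTML belongs where the value is printed.
$pseudo = '';
if (isset($_POST['pseudo']) && is_string($_POST['pseudo'])) {
    $pseudo = mysql_real_escape_string(htmlspecialchars($_POST['pseudo']));
}
$pseudo = strtolower($pseudo);

$password = '';
if (isset($_POST['password']) && is_string($_POST['password'])) {
    $password = mysql_real_escape_string(htmlspecialchars($_POST['password']));
}
// Lower-casing is kept so existing accounts still match.
// NOTE(review): it makes passwords case-insensitive, which shrinks the space
// of possible passwords.
$password = strtolower($password);

$email = '';
if (isset($_POST['email']) && is_string($_POST['email'])) {
    $email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
}
$email = strtolower($email);

// Row id of the signed-in player; stays null unless a lookup really returns one.
$userId = null;

// The emptiness test runs on the submitted password, before hashing: md5('')
// is itself a non-empty string, so testing the hash would let a blank
// password through.
if ($pseudo !== '' && $password !== '') {
    // NOTE(review): unsalted MD5 is not a password hash. password_hash() and
    // password_verify() are the replacement, but that presumably needs a wider
    // `password` column (schema not visible here) and a rehash-on-login path
    // for existing rows, so it is flagged here rather than changed in place.
    $passwordHash = md5($password);

    $credentialQuery = "SELECT id FROM joueur WHERE pseudo='" . $pseudo . "' AND password='" . $passwordHash . "';";

    $rs = mysql_query($credentialQuery);
    $row = $rs ? mysql_fetch_assoc($rs) : false;

    if ($row && $row['id'] != 0) {
        // Known player: refresh the stored email, as before.
        $userId = $row['id'];
        mysql_query("UPDATE joueur SET email='$email' WHERE id=" . (int) $userId . ";");
    } else {
        // No matching pair. Register only if the pseudo is still unused, so a
        // wrong password for an existing pseudo is refused instead of creating
        // a second row under the same name. A failed lookup also refuses.
        $rs = mysql_query("SELECT id FROM joueur WHERE pseudo='" . $pseudo . "' LIMIT 1;");
        $taken = $rs ? mysql_fetch_assoc($rs) : false;

        if ($rs && !$taken) {
            $sql = "INSERT INTO joueur (pseudo,password,email) VALUES ('$pseudo','$passwordHash','$email');";
            if (mysql_query($sql)) {
                // Read the new id back the same way the original script did.
                $rs = mysql_query($credentialQuery);
                $row = $rs ? mysql_fetch_assoc($rs) : false;
                if ($row && $row['id'] != 0) {
                    $userId = $row['id'];
                }
            }
        }
    }
}

// Close the database connection.
mysql_close();

if ($userId !== null) {
    // Issue a fresh session id at the privilege change so an id that was set
    // before sign-in cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    //-----------------------------------------
    $_SESSION['userid'] = $userId;
    $_SESSION['authentified'] = true;
    //-----------------------------------------
    header("location: room.php");
    exit;
}

// Missing fields, refused credentials or a database error: back to the form.
// The session is only ever marked authenticated in the branch above.
header("location: index.php");
exit;
?>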
room.php
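<?php
// room.php - page reserved for signed-in players.
session_start();

// Fail closed before doing anything else: without the exact boolean that
// login.php stores in the session, redirect and stop. header() only queues
// the redirect, so exit is what keeps the rest of the page from running.
if (!isset($_SESSION['authentified']) || $_SESSION['authentified'] !== true) {
    header("location: index.php");
    exit;
}

// Open the database connection (only for authenticated requests).
include 'connectdb.php';
?>
... CODE DE LA PAGE HTML A SECURISE...
<?php
// Close the database connection.
mysql_close();
?>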
Voilà ce que j'utilise pour sécuriser mes pages grâce aux sessions PHP.
Cordialement
Synfonia