diff options
| author | polo <ordipolo@gmx.fr> | 2025-04-01 00:26:01 +0200 |
|---|---|---|
| committer | polo <ordipolo@gmx.fr> | 2025-04-01 00:26:01 +0200 |
| commit | 72111d3f417f5629390cfaa68f914024a82cb44f (patch) | |
| tree | efa52ec014eccfaecedb859ca2b717ddb99143bd /src | |
| parent | 7f13ca69bb71a0eb477cbf4f4bfcd08b2843bf9b (diff) | |
| download | cms-72111d3f417f5629390cfaa68f914024a82cb44f.zip | |
bug redirection à la connexion quand mauvais login
Diffstat (limited to 'src')
| -rw-r--r-- | src/controller/password.php | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/src/controller/password.php b/src/controller/password.php index d5e66ff..47db637 100644 --- a/src/controller/password.php +++ b/src/controller/password.php | |||
| @@ -159,7 +159,7 @@ function connect(LoginBuilder $builder, EntityManager $entityManager) | |||
| 159 | $user = getUser($login, $entityManager); | 159 | $user = getUser($login, $entityManager); |
| 160 | 160 | ||
| 161 | // enregistrement et redirection | 161 | // enregistrement et redirection |
| 162 | if(password_verify($password, $user->getPassword())) | 162 | if(!empty($user) && $login === $user->getLogin() && password_verify($password, $user->getPassword())) |
| 163 | { | 163 | { |
| 164 | session_start(); | 164 | session_start(); |
| 165 | $_SESSION['user'] = $login; | 165 | $_SESSION['user'] = $login; |
| @@ -286,18 +286,14 @@ function changePassword(EntityManager $entityManager) | |||
| 286 | } | 286 | } |
| 287 | 287 | ||
| 288 | 288 | ||
| 289 | function getUser(string $login, EntityManager $entityManager): User | 289 | function getUser(string $login, EntityManager $entityManager): ?User |
| 290 | { | 290 | { |
| 291 | $users = $entityManager->getRepository('App\Entity\User')->findBy(['login' => $login]); | 291 | $users = $entityManager->getRepository('App\Entity\User')->findBy(['login' => $login]); |
| 292 | 292 | ||
| 293 | // détection d'un abus | ||
| 294 | if(count($users) === 0) | 293 | if(count($users) === 0) |
| 295 | { | 294 | { |
| 296 | $_SESSION['user'] = ''; | 295 | $_SESSION['user'] = ''; |
| 297 | $_SESSION['admin'] = false; | 296 | $_SESSION['admin'] = false; |
| 298 | |||
| 299 | header('Location: index.php'); // page création d'un mot de passe à l'attérissage | ||
| 300 | die; | ||
| 301 | } | 297 | } |
| 302 | 298 | ||
| 303 | foreach($users as $user) | 299 | foreach($users as $user) |
| @@ -307,8 +303,7 @@ function getUser(string $login, EntityManager $entityManager): User | |||
| 307 | return $user; | 303 | return $user; |
| 308 | } | 304 | } |
| 309 | } | 305 | } |
| 310 | header('Location: ' . new URL); | 306 | return null; |
| 311 | die; | ||
| 312 | } | 307 | } |
| 313 | 308 | ||
| 314 | 309 | ||