diff options
Diffstat (limited to 'src/controller/password.php')
| -rw-r--r-- | src/controller/password.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/controller/password.php b/src/controller/password.php index 2189326..5573a33 100644 --- a/src/controller/password.php +++ b/src/controller/password.php | |||
| @@ -165,9 +165,10 @@ function connect(LoginBuilder $builder, EntityManager $entityManager) | |||
| 165 | // enregistrement et redirection | 165 | // enregistrement et redirection |
| 166 | if(!empty($user) && $login === $user->getLogin() && password_verify($password, $user->getPassword())) | 166 | if(!empty($user) && $login === $user->getLogin() && password_verify($password, $user->getPassword())) |
| 167 | { | 167 | { |
| 168 | $log = new Log; | 168 | $log = new Log(true); |
| 169 | $entityManager->persist($log); | 169 | $entityManager->persist($log); |
| 170 | $entityManager->flush(); | 170 | $entityManager->flush(); |
| 171 | |||
| 171 | session_regenerate_id(true); // protection fixation de session, si l'attaquant a créé un cookie de session (attaque XSS), il est remplacé | 172 | session_regenerate_id(true); // protection fixation de session, si l'attaquant a créé un cookie de session (attaque XSS), il est remplacé |
| 172 | //unset($_SESSION['captcha']); | 173 | //unset($_SESSION['captcha']); |
| 173 | $_SESSION['user'] = $login; | 174 | $_SESSION['user'] = $login; |
| @@ -179,6 +180,9 @@ function connect(LoginBuilder $builder, EntityManager $entityManager) | |||
| 179 | } | 180 | } |
| 180 | else | 181 | else |
| 181 | { | 182 | { |
| 183 | $log = new Log(false); | ||
| 184 | $entityManager->persist($log); | ||
| 185 | $entityManager->flush(); | ||
| 182 | $error = 'bad_login_or_password'; | 186 | $error = 'bad_login_or_password'; |
| 183 | } | 187 | } |
| 184 | } | 188 | } |