1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
<?php
include('header.html');
include('../trombi/accesBD.Script.php');
$BD = new accesBD;
$bdd = $BD->connexionMysqliUti();
$username = $password = "";
$username_err = $password_err = "";
$method = 'aes-256-cbc';
$cle = '3sc3RLrpd17';
$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
if($_SERVER["REQUEST_METHOD"] == "POST"){
$username = $_POST["username"];
$password = $_POST['password'];
// Check des informations par rapport à la base
if(empty($username_err) && empty($password_err)){
$req = "SELECT username, password
FROM users
WHERE username = ?
AND ID_MODULE = 1";
if($stmt = mysqli_prepare($bdd, $req)){
mysqli_stmt_bind_param($stmt, "s", $param_username);
$param_username = $username;
if(mysqli_stmt_execute($stmt)){
mysqli_stmt_store_result($stmt);
// Check si l'username existe
if(mysqli_stmt_num_rows($stmt) == 1){
mysqli_stmt_bind_result($stmt, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)){
$decrypted = openssl_decrypt(base64_decode($hashed_password), $method, $cle, OPENSSL_RAW_DATA, $iv);
if($password == $decrypted){
// Check password par rraport au username
session_start();
$_SESSION['username'] = $username;
$_SESSION['connexion'] = 1;
header("location: PageAccueil.php");
} else{
echo $decrypted. "<br>";
echo $hashed_password. "<br>";
echo $method. "<br>";
echo $cle. "<br>";
$password_err = "Le password que vous avez entrer n'ai pas valide.";
}
}
} else{
$username_err = 'Pas de compte trouvé pour cet utilisateur';
}
}
}
mysqli_stmt_close($stmt);
}
mysqli_close($bdd);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<link rel="stylesheet" href="css/index.css" />
<style type="text/css">
.form{ font: 14px sans-serif; }
.wrapper{ width: 100%; text-align: center;padding: 20px; margin-left: auto; margin-right: auto;min-width: 300px;max-width: 500px}
</style>
</head>
<body>
<div class="wrapper">
<h2>Connexion</h2>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post" class="form">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<input type="text" name="username"class="form-control" value="<?php echo $username; ?>" placeholder="identifiant" required>
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<input type="password" name="password" class="form-control" placeholder="mot de passe" required>
<span class="aide"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Login">
</div>
</form>
</div>
</body>
</html> |
Decryptage AES bloqué
Répondre avec citation
Partager