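<?php
// Point d'entrée de connexion : lit {identifiant, password} dans le corps JSON,
// vérifie le mot de passe avec password_verify() et renvoie le profil de
// l'utilisateur (ou un code d'erreur HTTP) en JSON.
//
// Headers requis
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST, OPTIONS");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
// NOTE(review): a wildcard Allow-Origin is ignored by browsers for credentialed
// (cookie-carrying) cross-origin requests; if the front end lives on another
// origin and must receive the cookie set below, echo that origin explicitly.
require_once "../api/config/define.php";

$method = $_SERVER['REQUEST_METHOD'] ?? '';

// CORS preflight: answer immediately. Letting OPTIONS fall through to the body
// parsing below ran the login lookup with an empty body (json_decode → null).
if ($method === 'OPTIONS') {
    http_response_code(200);
    exit;
}

// On vérifie la méthode
if ($method !== 'POST') {
    http_response_code(405);
    echo json_encode(["message" => "La méthode n'est pas autorisée"]);
    exit;
}

// On inclut les fichiers de configuration et d'accès aux données
include_once '../api/config/database.php';
include_once '../api/objects/utilisateur.php';

// Validate the body before touching the database: json_decode() returns null
// on malformed input, and reading ->identifiant / ->password on null only
// produced a warning (mixed into the JSON output) instead of a clean 400.
$donnees = json_decode(file_get_contents("php://input"));
$identifiant = (is_object($donnees) && isset($donnees->identifiant)) ? $donnees->identifiant : null;
$password    = (is_object($donnees) && isset($donnees->password))    ? $donnees->password    : null;

if (!is_string($identifiant) || $identifiant === '' || !is_string($password) || $password === '') {
    http_response_code(400);
    echo json_encode(["status" => 400, "message" => "Invalid request body"]);
    exit;
}

$database = new Database();
$db = $database->getConnection();

$utilisateur = new Utilisateur($db);
$utilisateur->identifiant = $identifiant;

$stmt = $utilisateur->login();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
// rowCount() on a SELECT is driver-dependent in PDO; the fetch() result is
// the reliable signal, rowCount() is kept only to reject duplicate identifiants.
$num = $stmt->rowCount();

if ($num == 1 && !empty($user)) {
    if (password_verify($password, $user['password'])) {
        // Second login() call kept from the original; presumably it also records
        // the connection (der_connexion) — TODO confirm in objects/utilisateur.php
        // and drop it if login() is a plain SELECT (it would just re-run the query).
        $utilisateur->login();
        http_response_code(200);
        $data = [
            "connexion" => Array(
                "status" => 200,
                "message" => "Connection successful"
            ),
            "utilisateur" => Array(
                "id_utilisateur" => $user['id_utilisateur'],
                "nom_utilisateur" => $user['nom_utilisateur'],
                "email" => $user['email'],
                "der_connexion" => $user['der_connexion'],
                "identifiant" => $user['identifiant_connexion'],
                "id_client" => $user['id_client'],
                "id_profil" => $user['id_profil'],
                "id_privilege" => $user['id_privilege']
            )
        ];
        // NOTE(review): this cookie carries the bare user id with no signature or
        // server-side session, so nothing server-side should trust it as proof of
        // identity; a PHP session id or a signed token is the usual replacement.
        // Add 'httponly' => true unless the front end reads it from JavaScript.
        setcookie('utilisateur', $user['id_utilisateur'], [
            'expires' => time() + 3600,
            'path' => '/',
            'secure' => true, // utiliser https
            'samesite' => 'strict' // limite les attaques csrf
        ]);
        echo json_encode($data);
    } else {
        http_response_code(400);
        echo json_encode(["status" => 400, "message" => "Connection failed"]);
    }
} else {
    // NOTE(review): answering 204 for an unknown identifiant and 400 for a wrong
    // password lets a caller tell valid identifiants from invalid ones (user
    // enumeration); returning the same "Connection failed" response in both
    // cases is the usual mitigation. Kept as-is so existing clients are unaffected.
    http_response_code(204);
}
?>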