prepare("SELECT ID, username, email, display_name, role, accreditation FROM users WHERE (username = :username OR email = :username) AND password = :password");
$req->bindParam(':username', htmlspecialchars($_POST['username']));
$req->bindParam(':password', md5($_POST['password']));
$req->execute();
$resultat = $req->fetchAll(PDO::FETCH_ASSOC);
if ($resultat) {
$_SESSION['username'] = $resultat[0]['username'];
$_SESSION['email'] = $resultat[0]['email'];
$_SESSION['display_name'] = $resultat[0]['display_name'];
$_SESSION['userid'] = $resultat[0]['ID'];
$_SESSION['role'] = $resultat[0]['role'];
$_SESSION['accreditation'] = $resultat[0]['accreditation'];
header("Location: index.php");
exit();
} else {
$status = "Nom d'utilisateur / mot de passe incorrect";
}
}
}
?>
<?=$title?>
