e59-website/html/login/index.php

<?php
require("../../include/variables.php");
require("../../include/functions.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);

if (isset($_SESSION['userID'])) {
    header("Location: /");
    die("Vous êtes déjà connecté.");
}

if (isset($_POST['username']) && isset($_POST['password'])) {

    if (empty($_POST['username']) == false && empty($_POST['password']) == false) {

        if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['password'])) {

            $sqlRequest = "SELECT ID, username, display_name, level, accreditation FROM users WHERE (username = :username OR email = :username) AND password = :password";
            $request = $pdo->prepare($sqlRequest);
            $request->bindParam(":username", htmlspecialchars($_POST['username']));
            $request->bindParam(":password", md5($_POST['password']));
            $request->execute();
            $result = $request->fetchAll(PDO::FETCH_ASSOC);

            if ($result) {
                
                $_SESSION['userID'] = $result[0]['ID'];
                $_SESSION['userName'] = $result[0]['username'];
                $_SESSION['userDisplayName'] = $result[0]['display_name'];
                $_SESSION['userLevel'] = $result[0]['level'];
                $_SESSION['userAccreditation'] = $result[0]['accreditation'];
                $redirectPage = isset($_GET['p']) ? $_GET['p'] : "";
                header('Location: /' . $redirectPage);
                exit("Login success");

            } else {
                $status = 'Identifiants incorrects';
            }
        } else {
            $status = 'Caractères illégaux';
        }
    } else {
        $status = 'Les champs ne doivent pas être vides';
    }
}

?>

<!DOCTYPE html>
<html lang="fr">

    <head>
        <?php fillHead($rootPageURL, $pageTitle, $darkTheme, $lightTheme);?>
        <style>
        </style>
    </head>

    <body class="body">

        <header>
            <div class="panel-content">
                <?php fillHeader($rootPageURL, $headerTitle, $headerSubtitle);?>
            </div>
        </header>

        <nav>
            <div class="panel-content">
                <?php fillNav($rootPageURL);?>
            </div>
        </nav>

        <main>
            <div class="content">
                <form action="#" method="post">
                    <div class="form">
                        <div class="form-title">Se Connecter</div>
                        <div class="status"><?=$status?></div>
                        <?php 
                            textInput("text", "", "username", "Login / Email", "");
                            textInput("password", "", "password", "Mot de Passe", "");
                        ?>
                        <button type="submit">Se connecter</button>
                        <div>ou</div>
                        <a href="register.php" class="button">Créer un compte</a>
                    </div>
                </form>
            </div>
        </main>
        <footer>
            <div class="panel-content">
                <?php fillFooter($footerText);?>
            </div>
        </footer>
    </body>
</html>