<?php

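if (!function_exists('hash_equals')) {
    /**
     * Fallback for the built-in hash_equals() on PHP versions older than 5.6.
     *
     * The declaration is guarded because PHP 5.6+ ships its own hash_equals();
     * declaring the name again there is a fatal "cannot redeclare" error.
     *
     * Compares two strings without stopping at the first differing byte, so
     * the running time does not reveal how long a matching prefix is. Only
     * the lengths are compared with an early return, so a length mismatch
     * can still be observed through timing.
     *
     * @param string $str1 Known value (e.g. the stored hash).
     * @param string $str2 Value to check against it.
     *
     * @return bool True when both are strings with identical bytes.
     */
    function hash_equals($str1, $str2)
    {
        // Non-strings would make `^` an integer XOR and `$res[$i]` invalid;
        // treat them as a mismatch instead.
        if (!is_string($str1) || !is_string($str2)) {
            return false;
        }
        if (strlen($str1) !== strlen($str2)) {
            return false;
        }

        // Byte-wise XOR: every position where the inputs agree becomes "\0".
        $res = $str1 ^ $str2;
        $ret = 0;
        // OR all bytes together; every byte is visited regardless of content.
        for ($i = strlen($res) - 1; $i >= 0; $i--) {
            $ret |= ord($res[$i]);
        }

        return $ret === 0;
    }
}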
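include_once "autoloader.php";

// Login handler: looks up the stored password hash for the submitted login,
// re-hashes the submitted password with crypt() using the stored hash as the
// salt, and opens an authenticated session when the two match.

// Accept only string fields; a missing field or an array-valued one
// (login[]=...) is treated as a failed login instead of reaching crypt().
$login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : null;
$mot_de_passe = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

if ($login !== null && $mot_de_passe !== null) {
    $pdo_singleton = new PDOSingleton();
    // The query as listed carried a masked literal where the login value
    // belongs and never used $login. Bind it as a parameter so the value is
    // never part of the SQL text.
    // Assumes get_connexion() returns a PDO instance (the original already
    // relied on query()/fetch()/closeCursor()) -- confirm.
    $request = $pdo_singleton->get_connexion()->prepare('SELECT password FROM users WHERE login = ?');
    if ($request !== false && $request->execute(array($login))) {
        $result = $request->fetch();
        $request->closeCursor();

        // fetch() yields false when no row matches; do not index into it.
        $stored = (is_array($result) && isset($result["password"]) && is_string($result["password"]))
            ? $result["password"]
            : '';

        // NOTE(review): an unknown login skips crypt(), so it may answer
        // faster than a wrong password for a known login -- confirm whether
        // that difference matters here.
        if ($stored !== '') {
            // On PHP 5.5+ password_verify($mot_de_passe, $stored) performs
            // this crypt-and-compare in a single call.
            $computed = crypt($mot_de_passe, $stored);
            if (is_string($computed) && hash_equals($stored, $computed)) {
                session_start();
                // Issue a fresh session id on privilege change so an id set
                // before login cannot be reused afterwards.
                session_regenerate_id(true);
                $_SESSION["login"] = $login;
                header('Location: ./admin/admin.php');
                // Stop here; otherwise execution falls through to the
                // "Bad login" output below even on success.
                exit;
            }
        }
    }
}
echo "Bad login";
//header("location: index.php");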