session_start();
// REQUIRES
require_once $_SERVER['DOCUMENT_ROOT'] . '/WebBristol/model/DAL/UserDAL.php';
// Accessing the POST var in a safe way to prevent SQL injects.
$login = filter_input(INPUT_POST, 'login');
$password = filter_input(INPUT_POST, 'password');
// Checking the input parameters
if (empty($login) && empty($password)) {
// We redirect the user if they aren't all set
// It means that someone is trying to access this page without authorisation.
header('Location: ../login');
}
// Encrypting the password to compare it later.
$encryptedPassword = hash(hash_algos()[7], $password);
// We're trying to access to the user with the given login.
$user = UserDAL::findByLogin($login);
// Case 1 : The login doesn't exist;
if ($user->getId() === -1) {
// We're saving the error message.
$_SESSION["message"]["danger"] = "This login doesn't exist!";
// Redirecting.
header('Location: ../login');
} else {
if ($user->getPassword() !== $encryptedPassword) {
// We're saving the error message.
$_SESSION["message"]["danger"] = "Wrong password! Try again.";
// Redirecting.
header('Location: ../login');
} else {
// We're saving the success message.
$_SESSION["message"]["success"] = "You are connected. Welcome " . $user->getFirstName() . ' ' . $user->getLastName() . '!';
