intranet-apei/login.php


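<?php
/*
 * Login controller for the page rendered below.
 *
 * A login attempt needs POST 'user' and 'password' plus GET 'redirect_to'.
 * It succeeds only when the submitted CSRF token matches the one stored in the
 * session and the password verifies against the stored hash. On success the
 * session is populated and the browser is redirected; in every other case a
 * fresh CSRF token is issued so the form rendered below stays usable.
 */
require('./Assets/functions.php');
// NOTE(review): config.json holds the database credentials and is read from ./Assets;
// confirm the web server refuses direct requests for that file.
$config = json_decode(file_get_contents("./Assets/config.json"), true);
$bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
session_start();

if (isset($_POST['user'], $_POST['password'], $_GET['redirect_to'])) {
    $user = $_POST['user'];
    $password = $_POST['password'];
    $sentToken = $_POST['csrf'] ?? '';
    $storedToken = $_SESSION['csrf'] ?? '';

    // Request parameters can arrive as arrays (user[]=x), and a brand-new session has no
    // stored token. Require non-empty strings so two missing tokens can never compare equal.
    $inputsUsable = is_string($user) && is_string($password)
        && is_string($sentToken) && $sentToken !== ''
        && is_string($storedToken) && $storedToken !== '';

    $authenticated = false;
    if ($inputsUsable && validateCSRFToken($storedToken, $sentToken)) {
        // Presumably getHashPwd() returns no usable row for an unknown user; isset() keeps
        // that case from indexing a non-array. TODO confirm against functions.php.
        $account = getHashPwd($bdd, $user);
        $storedHash = isset($account['password']) ? $account['password'] : null;
        $authenticated = is_string($storedHash) && verifyPassword($storedHash, $password);
    }

    if ($authenticated) {
        // Issue a new session id at the privilege change so an id planted before login
        // (session fixation) does not become an authenticated session.
        session_regenerate_id(true);
        $_SESSION['connected'] = true;
        $_SESSION['site'] = getSite($bdd, $user);
        $_SESSION['permission'] = getUserPerms($bdd, $user);
        $_SESSION['username'] = $user;

        // redirect_to is attacker-controllable (it comes from the query string), so only a
        // same-site relative reference is followed: no scheme, no host, no leading "//",
        // and no backslash, space or control character that a browser might normalise
        // into an off-site URL.
        $target = $_GET['redirect_to'];
        $parts = is_string($target) ? parse_url($target) : false;
        $isLocalTarget = is_array($parts)
            && $target !== ''
            && !isset($parts['scheme'])
            && !isset($parts['host'])
            && strncmp($target, '//', 2) !== 0
            && preg_match('/[\x00-\x20\x7f\\\\]/', $target) !== 1;

        // Fallback for a rejected target: the directory index next to this script.
        // TODO: point this at the intranet's landing page.
        $fallbackTarget = './';

        header('Location: ' . ($isLocalTarget ? $target : $fallbackTarget));
        // Stop here so the login form is not rendered after the redirect header.
        exit;
    }
}

// First display, incomplete request, or failed attempt: issue a fresh token for the form.
// The original left $csrf undefined after a failed attempt, which produced an empty
// hidden field and made the next submission fail as well.
$csrf = bin2hex(random_bytes(32));
$_SESSION['csrf'] = $csrf;
?>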
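<?php
// Login form. It posts back to the current URL (no action attribute), so the
// redirect_to query parameter is carried along with the credentials.
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-sRIl4kxILFvY47J16cr9ZwB07vP4J8+LH7qKQnuqkuIAvNWLzeN8tE5YBujZqJLB" crossorigin="anonymous">
<title>Se connecter !</title>
</head>
<body>
<form method="POST">
<div class="form-group">
<label for="user">Nom d'utilisateur :</label>
<input type="text" class="form-control" id="user" name="user" required>
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<?php
// $csrf can be undefined when the controller above did not issue a token (for example
// after a rejected login attempt); default to an empty string so no PHP warning text
// ends up inside the attribute, and escape the value for the HTML attribute context.
?>
<input type="hidden" name="csrf" value="<?= htmlspecialchars((string) ($csrf ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
<button type="submit" class="btn btn-primary">Connexion</button>
</form>
</body>
</html>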