File: /homepages/35/d993672390/htdocs/dermiteseborrheique/auth/login.php
<?php
define('DS_APP', true);
require_once dirname(__DIR__) . '/includes/init.php';
// Déjà connecté → redirect
if (auth_check()) redirect('app/dashboard.php');
$errors = [];
$email = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
csrf_verify();
$email = sanitize_email(post('email')) ?: '';
$password = post('password');
$remember = !empty($_POST['remember']);
// Brute force
if (is_ip_locked()) {
$errors['global'] = __('auth.locked_out', ['minutes' => lockout_remaining_minutes()]);
} else {
$v = new Validator($_POST);
$v->required('email', 'Email')
->email('email')
->required('password', 'Mot de passe');
if ($v->fails()) {
$errors = $v->errors();
} else {
$user = auth_attempt($email, $password);
if (!$user) {
record_login_attempt($email);
$errors['global'] = __('auth.invalid_credentials');
} elseif (!$user['is_active']) {
$errors['global'] = __('auth.account_inactive');
} else {
auth_login($user, $remember);
$dest = $_SESSION['redirect_after_login'] ?? 'app/dashboard.php';
unset($_SESSION['redirect_after_login']);
redirect($dest);
}
}
}
}
// Google OAuth URL
$googleUrl = '';
if (GOOGLE_CLIENT_ID) {
$state = generate_token(16);
$_SESSION['oauth_state'] = $state;
$params = http_build_query([
'client_id' => GOOGLE_CLIENT_ID,
'redirect_uri' => GOOGLE_REDIRECT_URI,
'response_type' => 'code',
'scope' => 'openid email profile',
'state' => $state,
'access_type' => 'online',
'prompt' => 'select_account',
]);
$googleUrl = 'https://accounts.google.com/o/oauth2/v2/auth?' . $params;
}
$pageTitle = __('auth.login_title');
ob_start();
?>
<div class="auth-header">
<div class="auth-icon">🔑</div>
<h1 class="auth-title"><?= _e('auth.login_title') ?></h1>
<p class="auth-subtitle">Bon retour ! Connectez-vous à votre journal.</p>
</div>
<?php if (!empty($errors['global'])): ?>
<div class="flash flash-error"><?= e($errors['global']) ?></div>
<?php endif; ?>
<?php if ($googleUrl): ?>
<a href="<?= e($googleUrl) ?>" class="btn-google">
<svg viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<path d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z" fill="#4285F4"/>
<path d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z" fill="#34A853"/>
<path d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z" fill="#FBBC05"/>
<path d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z" fill="#EA4335"/>
</svg>
Continuer avec Google
</a>
<div class="auth-divider">ou</div>
<?php endif; ?>
<form method="POST" action="" novalidate>
<?= csrf_field() ?>
<div class="form-group">
<label class="form-label" for="email"><?= _e('auth.email') ?></label>
<input
type="email" id="email" name="email"
class="form-input <?= isset($errors['email']) ? 'error' : '' ?>"
value="<?= e($email) ?>"
placeholder="vous@exemple.fr"
autocomplete="email"
required>
<?php if (isset($errors['email'])): ?>
<div class="form-error"><?= e($errors['email']) ?></div>
<?php endif; ?>
</div>
<div class="form-group">
<label class="form-label" for="password"><?= _e('auth.password') ?></label>
<div class="input-wrapper">
<input
type="password" id="password" name="password"
class="form-input <?= isset($errors['password']) ? 'error' : '' ?>"
placeholder="••••••••"
autocomplete="current-password"
required>
<button type="button" class="password-toggle" aria-label="Afficher le mot de passe">👁</button>
</div>
<?php if (isset($errors['password'])): ?>
<div class="form-error"><?= e($errors['password']) ?></div>
<?php endif; ?>
</div>
<div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:24px;">
<label class="form-check">
<input type="checkbox" name="remember" <?= !empty($_POST['remember']) ? 'checked' : '' ?>>
<?= _e('auth.remember_me') ?>
</label>
<a href="<?= url('auth/forgot-password.php') ?>" style="font-size:0.78rem;color:var(--text-dim);text-decoration:none;transition:color 0.2s;" onmouseover="this.style.color='var(--cyan)'" onmouseout="this.style.color='var(--text-dim)'">
<?= _e('auth.forgot_password') ?>
</a>
</div>
<button type="submit" class="btn-primary">
<span><?= _e('auth.login_btn') ?></span>
<div class="spinner"></div>
</button>
</form>
<div class="auth-footer" style="margin-top:20px;">
<?= _e('auth.no_account') ?>
<a href="<?= url('auth/register.php') ?>"><?= _e('auth.register_btn') ?></a>
</div>
<?php
$content = ob_get_clean();
require DS_VIEWS . 'layouts/auth.php';