HEX
Server: Apache
System: Linux info 3.0 #1337 SMP Tue Jan 01 00:00:00 CEST 2000 all GNU/Linux
User: u115237990 (7145895)
PHP: 8.3.32
Disabled: NONE
Upload Files
File: /homepages/35/d993672390/htdocs/dermiteseborrheique/auth/login.php
<?php
define('DS_APP', true);
require_once dirname(__DIR__) . '/includes/init.php';

// Déjà connecté → redirect
if (auth_check()) redirect('app/dashboard.php');

$errors = [];
$email  = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    csrf_verify();

    $email    = sanitize_email(post('email')) ?: '';
    $password = post('password');
    $remember = !empty($_POST['remember']);

    // Brute force
    if (is_ip_locked()) {
        $errors['global'] = __('auth.locked_out', ['minutes' => lockout_remaining_minutes()]);
    } else {
        $v = new Validator($_POST);
        $v->required('email', 'Email')
          ->email('email')
          ->required('password', 'Mot de passe');

        if ($v->fails()) {
            $errors = $v->errors();
        } else {
            $user = auth_attempt($email, $password);

            if (!$user) {
                record_login_attempt($email);
                $errors['global'] = __('auth.invalid_credentials');
            } elseif (!$user['is_active']) {
                $errors['global'] = __('auth.account_inactive');
            } else {
                auth_login($user, $remember);
                $dest = $_SESSION['redirect_after_login'] ?? 'app/dashboard.php';
                unset($_SESSION['redirect_after_login']);
                redirect($dest);
            }
        }
    }
}

// Google OAuth URL
$googleUrl = '';
if (GOOGLE_CLIENT_ID) {
    $state = generate_token(16);
    $_SESSION['oauth_state'] = $state;
    $params = http_build_query([
        'client_id'     => GOOGLE_CLIENT_ID,
        'redirect_uri'  => GOOGLE_REDIRECT_URI,
        'response_type' => 'code',
        'scope'         => 'openid email profile',
        'state'         => $state,
        'access_type'   => 'online',
        'prompt'        => 'select_account',
    ]);
    $googleUrl = 'https://accounts.google.com/o/oauth2/v2/auth?' . $params;
}

$pageTitle = __('auth.login_title');
ob_start();
?>

<div class="auth-header">
  <div class="auth-icon">🔑</div>
  <h1 class="auth-title"><?= _e('auth.login_title') ?></h1>
  <p class="auth-subtitle">Bon retour ! Connectez-vous à votre journal.</p>
</div>

<?php if (!empty($errors['global'])): ?>
  <div class="flash flash-error"><?= e($errors['global']) ?></div>
<?php endif; ?>

<?php if ($googleUrl): ?>
<a href="<?= e($googleUrl) ?>" class="btn-google">
  <svg viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
    <path d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z" fill="#4285F4"/>
    <path d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z" fill="#34A853"/>
    <path d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z" fill="#FBBC05"/>
    <path d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z" fill="#EA4335"/>
  </svg>
  Continuer avec Google
</a>

<div class="auth-divider">ou</div>
<?php endif; ?>

<form method="POST" action="" novalidate>
  <?= csrf_field() ?>

  <div class="form-group">
    <label class="form-label" for="email"><?= _e('auth.email') ?></label>
    <input
      type="email" id="email" name="email"
      class="form-input <?= isset($errors['email']) ? 'error' : '' ?>"
      value="<?= e($email) ?>"
      placeholder="vous@exemple.fr"
      autocomplete="email"
      required>
    <?php if (isset($errors['email'])): ?>
      <div class="form-error"><?= e($errors['email']) ?></div>
    <?php endif; ?>
  </div>

  <div class="form-group">
    <label class="form-label" for="password"><?= _e('auth.password') ?></label>
    <div class="input-wrapper">
      <input
        type="password" id="password" name="password"
        class="form-input <?= isset($errors['password']) ? 'error' : '' ?>"
        placeholder="••••••••"
        autocomplete="current-password"
        required>
      <button type="button" class="password-toggle" aria-label="Afficher le mot de passe">👁</button>
    </div>
    <?php if (isset($errors['password'])): ?>
      <div class="form-error"><?= e($errors['password']) ?></div>
    <?php endif; ?>
  </div>

  <div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:24px;">
    <label class="form-check">
      <input type="checkbox" name="remember" <?= !empty($_POST['remember']) ? 'checked' : '' ?>>
      <?= _e('auth.remember_me') ?>
    </label>
    <a href="<?= url('auth/forgot-password.php') ?>" style="font-size:0.78rem;color:var(--text-dim);text-decoration:none;transition:color 0.2s;" onmouseover="this.style.color='var(--cyan)'" onmouseout="this.style.color='var(--text-dim)'">
      <?= _e('auth.forgot_password') ?>
    </a>
  </div>

  <button type="submit" class="btn-primary">
    <span><?= _e('auth.login_btn') ?></span>
    <div class="spinner"></div>
  </button>
</form>

<div class="auth-footer" style="margin-top:20px;">
  <?= _e('auth.no_account') ?>
  <a href="<?= url('auth/register.php') ?>"><?= _e('auth.register_btn') ?></a>
</div>

<?php
$content = ob_get_clean();
require DS_VIEWS . 'layouts/auth.php';