W31/Tp3/authenticate.php

<?php
    session_start();
    include_once('bdd.php');

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $login = htmlspecialchars($_POST['login']);
        $passwd = htmlspecialchars($_POST['passwd']);
        try {
            $pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD);

        }
        catch(PDOException $e) {
            $_SESSION['message'] = $e->getMessage();
            header('Location: signin.php');
            exit();
        }
        
        $req = $pdo->prepare('SELECT passwd from Users WHERE login = :login');
        $req->bindValue(':login', $login, PDO::PARAM_STR);
        $req->execute();
        $count = $req->rowCount();
        if ($count == 0) {
            header('Location: signin.php');
            exit();
        }
        foreach ($req as $row) {
            if (!password_verify($passwd, $row['passwd'])) {
                header('Location: signin.php');
                $_SESSION['message'] = 'Bad password';
                exit();
            }
        }
        $_SESSION['login'] = $login;
        header('Location: welcome.php');
    } else {
        header('Location: signin.php');
    }