
@ljamel
Last active November 13, 2025 17:07
#bash
# Refresh the package index, then install Apache, PHP, the Apache PHP module
# and the PHP MySQL driver (which provides the PDO MySQL driver used by login.php).
sudo apt update
sudo apt install \
    apache2 \
    php \
    libapache2-mod-php \
    php-mysql
# NOTE(review): no MySQL/MariaDB server or client package is installed above;
# presumably one is already present on the machine. Confirm before running.
# Open the MySQL client; the SQL statements that follow are entered at its prompt.
mysql
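-- Create the lab database with a full-Unicode character set.
CREATE DATABASE IF NOT EXISTS test_login
    CHARACTER SET utf8mb4
    COLLATE utf8mb4_general_ci;

-- Account the web application connects with.
-- The password is a sample value: replace it, and keep $dbpass in
-- /var/www/html/login.php in step with whatever is chosen here.
-- IF NOT EXISTS keeps this statement from failing when the account is already there.
CREATE USER IF NOT EXISTS 'appuser'@'localhost' IDENTIFIED BY 'ChangeMeStrong!23';

-- Least privilege: the login page only reads the users table, so the
-- application account gets SELECT and nothing else. If a query issued through
-- this account is ever abused, it cannot modify or drop data. Widen the grant
-- deliberately, privilege by privilege, if the application later needs to write.
GRANT SELECT ON test_login.* TO 'appuser'@'localhost';

-- Not required after CREATE USER / GRANT (they take effect immediately); harmless.
FLUSH PRIVILEGES;
EXIT;

-- Check which accounts exist
SELECT user, host FROM mysql.user;

-- Create the appuser account if it does not exist yet
-- (an existing account, including its password, is left unchanged)
CREATE USER IF NOT EXISTS 'appuser'@'localhost' IDENTIFIED BY 'ChangeMeStrong!23';

-- Give the account read-only access to the test_login database
GRANT SELECT ON test_login.* TO 'appuser'@'localhost';

-- Apply the changes
FLUSH PRIVILEGES;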
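# Create the users table and seed an 'admin' account whose password is stored
# only as a password_hash() digest.
#
# PASSWORD is a placeholder: replace it before running. Typing it on the
# command line leaves it in the shell history; clear the history entry
# afterwards or read the value from a prompt instead.
PASSWORD='TonMotDePasseAdmin'

# The variable is passed to php through the command's environment. A plain
# shell assignment is not exported, so without this getenv('PASSWORD') does not
# see it and the stored hash would not correspond to the chosen password.
HASH=$(PASSWORD="$PASSWORD" php -r 'echo password_hash(getenv("PASSWORD"), PASSWORD_DEFAULT);')

# The plaintext is no longer needed once the hash exists.
unset PASSWORD

# The heredoc delimiter is unquoted on purpose so that ${HASH} is expanded by
# the shell; the expanded hash text itself is not expanded a second time.
sudo mysql test_login <<SQL
CREATE TABLE IF NOT EXISTS users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(100) NOT NULL UNIQUE,
    password_hash VARCHAR(255) NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
INSERT INTO users (username, password_hash) VALUES ('admin', '${HASH}');
SQL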
-- Add a second account named 'stagiaire'.
-- NOTE(review): the second value is stored as-is in password_hash and looks
-- like a placeholder. password_verify() only matches a value produced by
-- password_hash(), so put a generated hash here, never a plaintext password.
INSERT INTO users
    (username, password_hash)
VALUES
    ('stagiaire', 'MOTDEPASSE_EN_CLE');
exit
GNU nano 8.6 /var/www/html/login.php
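<?php
// Login handler: connects to the test_login database, looks the submitted
// username up in the users table and checks the submitted password against
// the stored password_hash. On success the username is kept in the session.
session_start();

// Database connection settings.
// NOTE(review): the credentials are hard-coded sample values; outside a lab,
// load them from configuration that is not served by the web server.
$host = "localhost";
$dbname = "test_login";
$dbuser = "appuser";
$dbpass = "ChangeMeStrong!23";
$message = "";

try {
    // utf8mb4 matches the character set the database and the users table use.
    $pdo = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8mb4", $dbuser, $dbpass);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Let the server prepare statements so bound values never become SQL text.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch (PDOException $e) {
    // Driver details go to the server log, not to the visitor.
    error_log("login.php: database connection failed: " . $e->getMessage());
    die("Erreur de connexion à la base de données.");
}

// Handle a submitted form. Both fields must be plain strings; a request that
// sends them as arrays is ignored.
if (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Anti-pattern to avoid: building the query by placing $_POST values
    // directly inside the SQL string lets the input change the query itself
    // (SQL injection). The username is bound as a parameter instead, and only
    // the columns that are needed are selected.
    // The password is not part of the WHERE clause: the table stores a hash in
    // password_hash, and the comparison is done by password_verify() below.
    $stmt = $pdo->prepare(
        "SELECT username, password_hash FROM users WHERE username = :username"
    );
    $stmt->execute([':username' => $username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user && password_verify($password, $user['password_hash'])) {
        // Issue a new session id at login so that an id known before
        // authentication cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION['username'] = $user['username'];
        // $message now contains user-supplied text: it must be HTML-escaped
        // wherever it is printed.
        $message = "Connexion réussie ! Bienvenue, $username.";
    } else {
        // Same message for an unknown user and a wrong password, so the
        // response does not reveal which usernames exist.
        $message = "Nom d'utilisateur ou mot de passe incorrect.";
    }
}
?>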
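<!DOCTYPE html>
<html lang="fr">
<head>
    <meta charset="UTF-8">
    <title>Page de connexion</title>
    <style>
        /* Light reset */
        * {
            box-sizing: border-box;
            margin: 0;
            padding: 0;
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
        }

        /* Page body: centres its content on a gradient background */
        body {
            background: linear-gradient(135deg, #74ABE2, #5563DE);
            display: flex;
            justify-content: center;
            align-items: center;
            min-height: 100vh;
            padding: 1rem;
        }

        /* Containers (no element in the body below uses .card yet) */
        .card {
            background: #ffffff;
            padding: 2rem 3rem;
            border-radius: 12px;
            box-shadow: 0 12px 25px rgba(0,0,0,0.2);
            max-width: 400px;
            width: 100%;
            transition: transform 0.3s ease, box-shadow 0.3s ease;
        }

        .card:hover {
            transform: translateY(-5px);
            box-shadow: 0 20px 35px rgba(0,0,0,0.25);
        }

        /* Headings */
        h2, h3 {
            text-align: center;
            margin-bottom: 1.5rem;
            color: #333333;
        }

        /* Form */
        form {
            display: flex;
            flex-direction: column;
        }

        label {
            margin-bottom: 0.5rem;
            color: #555555;
        }

        input[type="text"],
        input[type="password"] {
            padding: 0.75rem;
            margin-bottom: 1rem;
            border: 1px solid #ccc;
            border-radius: 8px;
            transition: border 0.3s ease, box-shadow 0.3s ease;
        }

        input[type="text"]:focus,
        input[type="password"]:focus {
            border-color: #5563DE;
            box-shadow: 0 0 5px rgba(85, 99, 222, 0.5);
            outline: none;
        }

        input[type="submit"] {
            padding: 0.75rem;
            border: none;
            border-radius: 8px;
            background-color: #5563DE;
            color: white;
            font-weight: bold;
            cursor: pointer;
            transition: background 0.3s ease, transform 0.2s ease;
        }

        input[type="submit"]:hover {
            background-color: #4151b5;
            transform: translateY(-2px);
        }

        /* Alerts (.alert, .err and .ok are defined but not used in the body below) */
        .alert {
            padding: 0.75rem;
            border-radius: 8px;
            margin-bottom: 1rem;
            text-align: center;
            font-weight: 500;
        }

        .err {
            background-color: #ffe6e6;
            color: #cc0000;
            border: 1px solid #ff4d4d;
        }

        .ok {
            background-color: #e6ffe6;
            color: #008000;
            border: 1px solid #00cc00;
        }

        /* Logout link */
        a {
            display: inline-block;
            margin-top: 1rem;
            text-decoration: none;
            color: #5563DE;
            font-weight: bold;
            transition: color 0.3s ease;
        }

        a:hover {
            color: #4151b5;
        }

        /* Responsive */
        @media (max-width: 480px) {
            .card {
                padding: 1.5rem 2rem;
            }
        }
    </style>
</head>
<body>
    <h2>Connexion</h2>
    <?php
    // $message can contain the submitted username, so it is HTML-escaped before
    // being printed; otherwise markup typed into the form would be rendered by
    // the browser (cross-site scripting).
    if ($message !== "") {
        echo "<p>" . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . "</p>";
    }
    ?>
    <form method="POST" action="">
        <label for="username">Nom d'utilisateur :</label>
        <input type="text" id="username" name="username" required><br><br>
        <label for="password">Mot de passe :</label>
        <input type="password" id="password" name="password" required><br><br>
        <input type="submit" value="Se connecter">
    </form>
</body>
</html>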