<?php

session_start();
require_once('config.php');

$username = formulaires($_POST['username']);
$passwd = formulaires($_POST['passwd']);



$passwd=md5($passwd);

if(!$username)
	{
	header('Location:'.$root_path.'index.php?error=username');
	}
if(!$passwd)
	{
	header('Location:'.$root_path.'index.php?error=pass');
	}
//$sqlcount= "SELECT * FROM user WHERE pass='$passwd' AND username='$username'";
$reponse_cores=$dbh->query("SELECT * FROM user WHERE pass='$passwd' AND username='$username'") or die ('error : '.mysql_error());
$count_cores = $reponse_cores->rowCount();

//$count_cores=mysql_num_rows($reponse_cores);
if($count_cores == 0 )
	{
	header('Location:'.$root_path.'index.php?error=connection');
	}

else
	{
	for ($ligne=0;$ligne<30;$ligne++)		//Création d'un identifiant aléatoire
		{
		@$session.=substr('0123456789AZERTYUIOPMLKJHGFDSQWXCVBN',(rand()%(strlen('0123456789AZERTYUIOPMLKJHGFDSQWXCVBN'))),1);
		}
	
	$dbh->query("UPDATE user SET session='$session' WHERE username='$username'") or die ('error : '.mysql_error());
	$_SESSION['session'] = "$session";		//création de la session
	header('Location:'.$root_path.'user/index.php');			//redirection vers l'index
	}
include_once('bottom.php');
?>