servnest/common/html.php

<?php
require "init.php";
// Session initialisation (cookie-based).
// A session is started only in two situations:
//  - the request already carries the session cookie (resume), or
//  - a username is being posted to the login or register page of the auth service (create).
// Note: with 'use_strict_mode' enabled, PHP replaces a session ID it does not know with a
// freshly generated one, so any value in the cookie still results in a session being started.
if (
	isset($_COOKIE['niver-session-key'])
	|| (
		SERVICE === "auth"
		&& in_array(PAGE, ["login", "register"], true)
		&& isset($_POST['username'])
	)
) {
	session_start([
		'name' => 'niver-session-key',

		// Session ID: 64 characters carrying 6 bits each
		'sid_length' => 64,
		'sid_bits_per_character' => 6,

		// Cookie attributes: HTTPS only, hidden from scripts, never sent on cross-site requests,
		// and scoped to the configured path prefix
		'cookie_secure' => true,
		'cookie_httponly' => true,
		'cookie_samesite' => 'Strict',
		'cookie_path' => CONF['common']['prefix'] . '/',

		// Lifetimes: the cookie lasts 5 days (60*60*24*5 s), while server-side session data
		// becomes eligible for garbage collection after 10800 s (3 hours)
		'cookie_lifetime' => 432000,
		'gc_maxlifetime' => 10800,

		// Accept session IDs from cookies only, and only IDs that PHP itself issued
		'use_strict_mode' => true,
		'use_cookies' => true,
		'use_only_cookies' => true,
	]);
}
?>
<!DOCTYPE html>
<html lang="fr"<?php
	// Tag the root element with the current service name as a CSS class, when there is one.
	// NOTE(review): SERVICE is defined outside this file and is written into the attribute
	// unescaped; confirm it can only ever hold one of a fixed set of service names.
	echo !empty(SERVICE) ? ' class="' . SERVICE . '"' : '';
?>>
<head>
<meta charset="utf-8">
<title><?php
	// Document title, most specific part first: page title, then service name, then site name.
	// strip_tags() removes any markup from each part before it is written into <title>;
	// it does not encode characters such as & or quotes.
	echo isset($page['title']) ? strip_tags($page['title']) . " < " : "";
	echo isset($page['service']) ? strip_tags($page['service']) . " < " : "";
	echo strip_tags(TITLES['index']);
?></title>
<?php
// Emit one stylesheet <link> per entry of the public CSS directory.
// Every entry other than "." and ".." is linked, whatever its type or extension,
// and the entry name is written into the href as-is.
foreach (array_diff(scandir(CONF['common']['root_path'] . "/public/css"), ['.', '..']) as $cssPath) {
	echo ' <link type="text/css" rel="stylesheet" media="screen" href="', CONF['common']['prefix'], '/css/', $cssPath, '">', "\n";
}
?>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<header>
<p>
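<?php
// Account status line: shows the logged-in username with a logout link,
// or an "anonymous" marker with a login link.
// The username is placed in the session by code outside this file. It is HTML-escaped at
// output so that it is always rendered as text, whatever characters registration accepted.
// NOTE(review): redirUrl() is defined outside this file; confirm its return value is safe
// to place inside a double-quoted attribute.
if (isset($_SESSION['username'])) { ?>
🆔 <strong><?= htmlspecialchars((string) $_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></strong> <a class='auth' href='<?= CONF['common']['prefix'] ?>/auth/logout'>Se déconnecter</a>
<?php } else { ?>
<span aria-hidden="true">👻 </span><em>Anonyme</em> <a class="auth" href="<?= redirUrl('auth/login') ?>">Se connecter</a>
<?php } ?>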
</p>
<nav>
<ul><li><?php
	// Breadcrumb navigation: site > service > page. The three tests are independent of each
	// other, so more than one fragment can be written for a single request.
	// TITLES['index'], $page['service'] and $page['title'] are written as raw HTML.
	// NOTE(review): PAGE is defined outside this file and is written into the href unescaped;
	// confirm it can only hold known page names.

	// No service selected: the site name is the heading.
	if (!isset($page['service'])) {
		echo '<h1><a class="niver" href="..">' . TITLES['index'] . '</a></h1>';
	}

	// Index page of a service: the service name is the heading.
	if (isset($page['service']) && PAGE == "index") {
		echo '<a class="niver" href="..">' . TITLES['index'] . '</a><ul><li> <a href="."><h1>' . $page['service'] . '</h1></a></li></ul>';
	}

	// Any other page: the page title is the heading, nested under its service.
	if (PAGE != "index") {
		echo '<a class="niver" href="..">' . TITLES['index'] . '</a><ul><li> <a href=".">' . $page['service'] . '</a><ul><li> <a href="' . PAGE . '"><h1>' . $page['title'] . "</h1></a></li></ul></li></ul>";
	}
?></li></ul>
</nav>
</header>
<main>
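<?php
// Refuse to serve a service that the configuration does not mark as enabled.
// Only the 'reg', 'ns' and 'ht' services are looked up in CONF here.
if (in_array(SERVICE, ['reg', 'ns', 'ht']) AND CONF[SERVICE]['enabled'] !== true)
	userError("Ce service est désactivé.");

// Protect against cross-site request forgery if a POST request is received.
// The request method is tested as well as $_POST: PHP fills $_POST only for form-encoded
// bodies, so a POST with an empty body or another content type leaves it empty and would
// otherwise skip this check.
// The check fails closed: a request whose Sec-Fetch-Site header is missing is rejected,
// so clients that do not send this header cannot submit forms.
// NOTE(review): this guard relies on userError() ending the request; it is defined outside
// this file, so confirm that it does.
if (
	(($_SERVER['REQUEST_METHOD'] ?? null) === 'POST' || empty($_POST) === false)
	&& ($_SERVER['HTTP_SEC_FETCH_SITE'] ?? null) !== "same-origin"
)
	userError("Anti-<abbr title='Cross-Site Request Forgery'>CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)");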
/**
 * Close the page layout and end the request.
 *
 * Writes the closing </main>, </body> and </html> tags for the elements opened
 * earlier in this file, then calls exit(), so control never returns to the caller.
 */
function closeHTML() {
?>
</main>
</body>
</html>
<?php
// Stop the script here: nothing may be written after the closing </html>.
exit();
}