79 lines
2.7 KiB
PHP
79 lines
2.7 KiB
PHP
<?php
|
|
|
|
require "init.php";
|
|
|
|
// Session initialisation (with cookies)
|
|
if (
|
|
isset($_COOKIE['niver-session-key']) // Resume session
|
|
OR
|
|
(SERVICE === "auth" // Create new session
|
|
AND (PAGE === "login" OR PAGE === "register")
|
|
AND isset($_POST['username']))
|
|
) {
|
|
session_start([
|
|
'name' => 'niver-session-key',
|
|
'sid_length' => 64,
|
|
'sid_bits_per_character' => 6,
|
|
'cookie_secure' => true,
|
|
'cookie_httponly' => true,
|
|
'cookie_samesite' => 'Strict',
|
|
'cookie_path' => CONF['common']['prefix'] . '/',
|
|
'cookie_lifetime' => 432000, // = 60*60*24*5 = 5 days
|
|
'gc_maxlifetime' => 10800,
|
|
'use_strict_mode' => true,
|
|
'use_cookies' => true,
|
|
'use_only_cookies' => true,
|
|
]);
|
|
}
|
|
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html lang="fr"<?php if (!empty(SERVICE)) echo ' class="' . SERVICE . '"'; ?>>
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title><?php
|
|
if (isset($page['title']) AND $page['title'] != "Accueil")
|
|
echo $page['title'] . " < ";
|
|
if (isset($page['service']))
|
|
echo $page['service'] . " < ";
|
|
?>Niver</title>
|
|
<?php
|
|
foreach (array_diff(scandir(CONF['common']['root_path'] . "/public/css"), array('..', '.')) as $cssPath)
|
|
echo ' <link type="text/css" rel="stylesheet" media="screen" href="' . CONF['common']['prefix'] . '/css/' . $cssPath . '">' . "\n";
|
|
?>
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
</head>
|
|
<body>
|
|
<header>
|
|
<p>
|
|
<?php if (isset($_SESSION['username'])) { ?>
|
|
🆔 <strong><?= $_SESSION['username'] ?></strong> <a class='auth' href='<?= CONF['common']['prefix'] ?>/auth/logout'>Se déconnecter</a>
|
|
<?php } else { ?>
|
|
👻 <em>Anonyme</em> <a class="auth" href="<?= CONF['common']['prefix'] ?>/auth/login?redir=<?php if (SERVICE !== "") echo SERVICE . "/"; ?><?= PAGE ?>">Se connecter</a>
|
|
<?php } ?>
|
|
</p>
|
|
<nav>
|
|
<ul><li><?php
|
|
echo (!isset($page['service'])) ? '<h1><a class="niver" href="..">Niver</a></h1>' : "";
|
|
echo (isset($page['service']) AND PAGE == "index") ? '<a class="niver" href="..">Niver</a><ul><li> <a href="."><h1>' . $page['service'] . '</h1></a></li></ul>' : "";
|
|
echo (PAGE != "index") ? '<a class="niver" href="..">Niver</a><ul><li> <a href=".">' . $page['service'] . '</a><ul><li> <a href="' . PAGE . '"><h1>' . $page['title'] . "</h1></a></li></ul></li></ul>" : "";
|
|
?></li></ul>
|
|
|
|
</nav>
|
|
</header>
|
|
<main>
|
|
<?php
|
|
|
|
// Protect against cross-site request forgery if a POST request is received
|
|
if (empty($_POST) === false AND (isset($_SERVER['HTTP_SEC_FETCH_SITE']) !== true OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin"))
|
|
userError("Anti-<abbr title='Cross-Site Request Forgery'>CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)");
|
|
|
|
function closeHTML() {
|
|
?>
|
|
</main>
|
|
</body>
|
|
</html>
|
|
<?php
|
|
|
|
exit();
|
|
}
|