ça marche (+ CSP header) :D

thaaoblues 2024-02-08 19:50:48 +01:00
parent c782ccb0c0
commit f3eb274144
7 changed files with 40 additions and 27 deletions


@ -1,4 +1,4 @@
<?php
$page = str_replace(".php","",basename($_SERVER['SCRIPT_FILENAME']));
?>
<script src="js/<?=$page?>.js">
<script src="js/<?=$page?>.js"></script>


@ -1,3 +1,6 @@
<?php
header("Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; media-src 'self'; frame-src 'self'; sandbox allow-forms; object-src 'none'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; worker-src 'none'; manifest-src : 'none'; prefetch-src : 'none'; navigate-to 'self';")
?>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
@ -6,5 +9,5 @@
?>
<title><?=$titre_page?></title>
<link rel="stylesheet" src="css/<?=$page?>.css">
</head>
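Review bot: The policy string passed to `header()` contains two malformed directives, `manifest-src : 'none'` and `prefetch-src : 'none'`; a bare `:` is not a valid source expression, so browsers will at best drop that token with a console warning. They should read `manifest-src 'none'; prefetch-src 'none';`. Separately, `sandbox allow-forms` without `allow-scripts` turns off script execution for the document, and without `allow-same-origin` the page gets an opaque origin, which works against the `script-src 'self'` scripts this commit wires up; either drop `sandbox` or list the flags the site actually needs. The unchanged `<link rel="stylesheet" src="css/<?=$page?>.css">` in the second hunk should use `href`, otherwise the stylesheet is never loaded.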


@ -11,7 +11,7 @@
*/
include("session_verif.php");
//include("session_verif.php");
include("bdd.php");
include('php-csrf.php');
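Review bot: The session check appears to be switched off here by `//include("session_verif.php");`, and the same line is commented out in the upload-form page's hunk further down, so both files look reachable without an authenticated session. If this was done to get testing to work, it should not ship: restore `include("session_verif.php");` or gate the bypass behind an explicit development-only flag. At minimum, add a comment such as `// TODO: auth check disabled for testing, re-enable before deploy` so the bypass is not forgotten. The contents of session_verif.php are not shown, so what it enforces is assumed from its name.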


@ -2,8 +2,8 @@
<!DOCTYPE html>
<html lang="en">
<?php
$tire_page = "Ach'INSA";
include "_patials/head.php"
$titre_page = "Arch'INSA";
include "_partials/_head.php";
?>
<body>
<?php
@ -11,8 +11,8 @@
session_start();
?>
<a href="javascript:authenticate_user();">connection</a>
<a href="javascript:unauthenticate_user();">déconnection</a>
<button id="btn-connection">connection</button>
<button id="lien-deconnection">déconnection</button>
<div id="user_status">
@ -32,6 +32,6 @@
</body>
<?php
include "_partials/footer.php";
include "_partials/_footer.php";
?>
</html>
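Review bot: `include "_partials/_head.php";` runs after `<!DOCTYPE html>` and `<html lang="en">` have already been written, and `session_start();` comes later still, inside `<body>`. If that partial is the file that now calls `header("Content-Security-Policy: ...")`, the header can only be sent when output buffering happens to be enabled; otherwise PHP raises a "headers already sent" warning and the page is served without the policy. Move the `header()` and `session_start()` calls into a PHP block at the very top of the file, before any markup. Line 1 of the file is outside the hunk, so check there first, and confirm the response headers on a deployment with `output_buffering` off.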


@ -150,21 +150,33 @@ async function gen_chronologie(){
}
gen_chronologie();
document.addEventListener("DOMContentLoaded", (event)=>{
gen_chronologie();
test_auth();
document.getElementById("recherche_input").onkeydown =function(event) {
if (event.key === "Enter"){
rechercher();
test_auth();
document.getElementById("recherche_input").onkeydown =function(event) {
if (event.key === "Enter"){
rechercher();
}
}
document.getElementById("themes_input").onkeydown =function(event) {
if (event.key === "Enter"){
var theme = document.createElement("div");
theme.setAttribute("class","theme");
theme.innerText = document.getElementById("themes_input").value;
document.getElementById("recherche_form").appendChild(theme);
document.getElementById("themes_input").value = "";
}
}
}
document.getElementById("themes_input").onkeydown =function(event) {
if (event.key === "Enter"){
var theme = document.createElement("div");
theme.setAttribute("class","theme");
theme.innerText = document.getElementById("themes_input").value;
document.getElementById("recherche_form").appendChild(theme);
document.getElementById("themes_input").value = "";
}
}
document.getElementById("btn-connection").addEventListener("click", (event) => {
authenticate_user();
});
document.getElementById("btn-deconnection").addEventListener("click", (event) => {
unauthenticate_user();
});
});
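Review bot: `document.getElementById("btn-deconnection")` looks up an id that the markup added in this commit does not define: the logout button there is `<button id="lien-deconnection">`. Assuming that markup is the page this script runs on, the lookup returns null and `.addEventListener` throws inside the DOMContentLoaded handler. Use one id on both sides, for example `<button id="btn-deconnection">`. Since the `javascript:` links were removed to satisfy the CSP, this listener is the only logout path, so the mismatch leaves logout unreachable from the page. The rendering does not show which of the duplicated `onkeydown` blocks survive, so the rest of the handler is not reviewed here.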


@ -10,7 +10,7 @@ phpCAS::setLogger();
phpCAS::setVerbose(true);
// Initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas',"https://cas.insa-toulouse.fr");
phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas',"https://arch.etud.insa-toulouse.fr");
// For production use set the CA certificate that is the issuer of the cert
// on the CAS server and uncomment the line below
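Review bot: `phpCAS::setVerbose(true);` stays enabled while the client is now configured with the public service URL `https://arch.etud.insa-toulouse.fr`. Verbose mode puts detailed phpCAS error text into the response, which helps during development but tells an unauthenticated visitor more than they need. Use `phpCAS::setVerbose(false);` on the deployed site and rely on server-side logging for diagnostics. The CA-certificate comment is followed by lines outside this hunk, so confirm there that server validation is configured with `phpCAS::setCasServerCACert(...)` rather than disabled.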


@ -6,14 +6,12 @@
?>
<body>
<?php
include("session_verif.php");
// Include the PHP-CSRF library
//include("session_verif.php");
include('php-csrf.php');
$csrf = new CSRF();
?>
<!-- Input to choose files -->
<form id="uploadForm" enctype="multipart/form-data">
<input type="file" id="fileInput" multiple>