ça marche (+csp header ) :D

thaaoblues 2024-02-08 19:50:48 +01:00
parent c782ccb0c0
commit f3eb274144
7 changed files with 40 additions and 27 deletions


@ -1,4 +1,4 @@
<?php <?php
$page = str_replace(".php","",basename($_SERVER['SCRIPT_FILENAME'])); $page = str_replace(".php","",basename($_SERVER['SCRIPT_FILENAME']));
?> ?>
<script src="js/<?=$page?>.js"> <script src="js/<?=$page?>.js"></script>


@ -1,3 +1,6 @@
<?php
header("Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; media-src 'self'; frame-src 'self'; sandbox allow-forms; object-src 'none'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; worker-src 'none'; manifest-src : 'none'; prefetch-src : 'none'; navigate-to 'self';")
?>
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
@ -6,5 +9,5 @@
?> ?>
<title><?=$titre_page?></title> <title><?=$titre_page?></title>
<link rel="stylesheet" src="css/<?=$page?>.css"> <link rel="stylesheet" src="css/<?=$page?>.css">
</head> </head>
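Review bot: The policy string in the added `header(...)` call contains syntax and directive choices that will likely make the browser enforce something other than what is intended. `manifest-src : 'none'; prefetch-src : 'none';` puts a colon between the directive name and its source list, which is not CSP syntax; write `manifest-src 'none';` and consider dropping `prefetch-src` and `navigate-to`, which, as far as I know, browsers no longer implement. `sandbox allow-forms` omits `allow-scripts` and `allow-same-origin`, so a browser honouring it would block the page's own `js/<page>.js` and treat the document as a unique origin; either remove `sandbox` or list the tokens the pages actually need. The call also lives in the head partial, which the index page includes after it has already printed `<!DOCTYPE html>`, so unless output buffering is enabled the header is sent too late; moving it to a file included before any output, with a comment such as `// CSP must be sent before the first byte of the body`, would make that dependency explicit.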


@ -11,7 +11,7 @@
*/ */
include("session_verif.php"); //include("session_verif.php");
include("bdd.php"); include("bdd.php");
include('php-csrf.php'); include('php-csrf.php');
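Review bot: Commenting out `include("session_verif.php");` leaves this script reaching `bdd.php` and the CSRF library with no session check in front of it, and the same line is commented out in the upload page's section further down this commit. The contents of `session_verif.php` are not visible here, so this is inferred from its name, but if it is the authentication gate then both entry points now accept unauthenticated requests. If it was disabled only to get the CAS flow working, restore it before this is deployed, or at least leave `// TODO: re-enable session_verif.php once CAS login works` next to it so the removal is not forgotten. The enclosing file continues beyond the lines shown.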


@ -2,8 +2,8 @@
<!DOCTYPE html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
<?php <?php
$tire_page = "Ach'INSA"; $titre_page = "Arch'INSA";
include "_patials/head.php" include "_partials/_head.php";
?> ?>
<body> <body>
<?php <?php
@ -11,8 +11,8 @@
session_start(); session_start();
?> ?>
<a href="javascript:authenticate_user();">connection</a> <button id="btn-connection">connection</button>
<a href="javascript:unauthenticate_user();">déconnection</a> <button id="lien-deconnection">déconnection</button>
<div id="user_status"> <div id="user_status">
@ -32,6 +32,6 @@
</body> </body>
<?php <?php
include "_partials/footer.php"; include "_partials/_footer.php";
?> ?>
</html> </html>
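Review bot: The logout button is given `id="lien-deconnection"`, but the script section of this same commit binds its click handler with `document.getElementById("btn-deconnection")`, so that lookup returns null and `addEventListener` throws inside the `DOMContentLoaded` callback, leaving logout unwired. Rename the element to match its sibling: `<button id="btn-deconnection">déconnection</button>`. If these buttons can ever end up inside a form, `type="button"` on both would also keep them from submitting it by default.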


@ -150,21 +150,33 @@ async function gen_chronologie(){
} }
gen_chronologie(); document.addEventListener("DOMContentLoaded", (event)=>{
gen_chronologie();
test_auth(); test_auth();
document.getElementById("recherche_input").onkeydown =function(event) { document.getElementById("recherche_input").onkeydown =function(event) {
if (event.key === "Enter"){ if (event.key === "Enter"){
rechercher(); rechercher();
}
}
document.getElementById("themes_input").onkeydown =function(event) {
if (event.key === "Enter"){
var theme = document.createElement("div");
theme.setAttribute("class","theme");
theme.innerText = document.getElementById("themes_input").value;
document.getElementById("recherche_form").appendChild(theme);
document.getElementById("themes_input").value = "";
}
} }
}
document.getElementById("themes_input").onkeydown =function(event) {
if (event.key === "Enter"){
var theme = document.createElement("div");
theme.setAttribute("class","theme");
theme.innerText = document.getElementById("themes_input").value;
document.getElementById("recherche_form").appendChild(theme);
document.getElementById("themes_input").value = ""; document.getElementById("btn-connection").addEventListener("click", (event) => {
} authenticate_user();
} });
document.getElementById("btn-deconnection").addEventListener("click", (event) => {
unauthenticate_user();
});
});


@ -10,7 +10,7 @@ phpCAS::setLogger();
phpCAS::setVerbose(true); phpCAS::setVerbose(true);
// Initialize phpCAS // Initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas',"https://cas.insa-toulouse.fr"); phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas',"https://arch.etud.insa-toulouse.fr");
// For production use set the CA certificate that is the issuer of the cert // For production use set the CA certificate that is the issuer of the cert
// on the CAS server and uncomment the line below // on the CAS server and uncomment the line below
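Review bot: `phpCAS::setVerbose(true)` stays enabled in the context line above the changed `phpCAS::client(...)` call, whose service base URL now names what looks like the deployed site rather than the CAS server. Verbose mode makes phpCAS print detailed error text to the browser, which helps in development but discloses internals on a public host; set it to `phpCAS::setVerbose(false);` there. The trailing comment about the CA certificate suggests the lines below the hunk may still skip CAS server certificate validation; that part is outside the visible lines, so confirm that `phpCAS::setCasServerCACert(...)` is used rather than `phpCAS::setNoCasServerValidation()`.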


@ -6,14 +6,12 @@
?> ?>
<body> <body>
<?php <?php
include("session_verif.php"); //include("session_verif.php");
// Include the PHP-CSRF library
include('php-csrf.php'); include('php-csrf.php');
$csrf = new CSRF(); $csrf = new CSRF();
?> ?>
<!-- Input to choose files -->
<form id="uploadForm" enctype="multipart/form-data"> <form id="uploadForm" enctype="multipart/form-data">
<input type="file" id="fileInput" multiple> <input type="file" id="fileInput" multiple>