ça marche (+csp header ) :D

thaaoblues 2024-02-08 19:50:48 +01:00
parent c782ccb0c0
commit f3eb274144
7 changed files with 40 additions and 27 deletions


@ -1,4 +1,4 @@
<?php
$page = str_replace(".php","",basename($_SERVER['SCRIPT_FILENAME']));
?>
<script src="js/<?=$page?>.js">
<script src="js/<?=$page?>.js"></script>
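Review bot: `$page` is written into the `src` attribute without escaping, and `str_replace(".php","",…)` strips every occurrence of `.php` in the name rather than only the extension. The value comes from the script's own filename, so the exposure is probably small. Using `$page = basename($_SERVER['SCRIPT_FILENAME'], '.php');` and `<?= htmlspecialchars($page, ENT_QUOTES) ?>` in the tag would keep the output safe however files end up being named.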


@ -1,3 +1,6 @@
<?php
header("Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; media-src 'self'; frame-src 'self'; sandbox allow-forms; object-src 'none'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; worker-src 'none'; manifest-src : 'none'; prefetch-src : 'none'; navigate-to 'self';")
?>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
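Review bot: `sandbox allow-forms` in the new policy sandboxes the document without `allow-scripts`, so browsers that honour it will block every script on the page, including the files that `script-src 'self'` is meant to permit. Either drop the `sandbox` directive or list the tokens the pages actually need. `manifest-src : 'none'; prefetch-src : 'none';` is also malformed, because a directive name is followed by a space and not a colon; write `manifest-src 'none';`, and note that `prefetch-src` and `navigate-to` are, as far as I know, not enforced by current browsers. If this partial is included after markup has been emitted, as the `<!DOCTYPE html>` ahead of the include in another section of this commit suggests, `header()` only takes effect when output buffering is on, so the policy is better sent before any output and confirmed in the response headers.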


@ -11,7 +11,7 @@
*/
include("session_verif.php");
//include("session_verif.php");
include("bdd.php");
include('php-csrf.php');
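Review bot: Commenting out `include("session_verif.php");` here, and again in the upload-form page at the end of this commit, appears to remove the session check from both pages. Judging by its name, that file is what rejects unauthenticated requests, though its content is not visible. If it was disabled to get the CAS login working, restore it before deployment, preferably as `require_once "session_verif.php";` so a missing file stops the request instead of continuing with a warning. Until then, a `// TODO` stating why the check is off would keep the gap from being forgotten.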


@ -2,8 +2,8 @@
<!DOCTYPE html>
<html lang="en">
<?php
$tire_page = "Ach'INSA";
include "_patials/head.php"
$titre_page = "Arch'INSA";
include "_partials/_head.php";
?>
<body>
<?php
@ -11,8 +11,8 @@
session_start();
?>
<a href="javascript:authenticate_user();">connection</a>
<a href="javascript:unauthenticate_user();">déconnection</a>
<button id="btn-connection">connection</button>
<button id="lien-deconnection">déconnection</button>
<div id="user_status">
@ -32,6 +32,6 @@
</body>
<?php
include "_partials/footer.php";
include "_partials/_footer.php";
?>
</html>
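Review bot: The logout button is given `id="lien-deconnection"`, but the script hunk in this commit looks it up with `getElementById("btn-deconnection")`, which returns null and makes `addEventListener` throw inside the `DOMContentLoaded` handler. Assuming that script is the one loaded on this page, the user cannot end the session from here. Rename the element to `<button id="btn-deconnection">déconnection</button>`, or change the lookup, so the two ids match.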


@ -150,6 +150,7 @@ async function gen_chronologie(){
}
document.addEventListener("DOMContentLoaded", (event)=>{
gen_chronologie();
test_auth();
@ -168,3 +169,14 @@ document.getElementById("themes_input").onkeydown =function(event) {
document.getElementById("themes_input").value = "";
}
}
document.getElementById("btn-connection").addEventListener("click", (event) => {
authenticate_user();
});
document.getElementById("btn-deconnection").addEventListener("click", (event) => {
unauthenticate_user();
});
});


@ -10,7 +10,7 @@ phpCAS::setLogger();
phpCAS::setVerbose(true);
// Initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas',"https://cas.insa-toulouse.fr");
phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas',"https://arch.etud.insa-toulouse.fr");
// For production use set the CA certificate that is the issuer of the cert
// on the CAS server and uncomment the line below
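Review bot: `phpCAS::setVerbose(true)` is still enabled while the client now points at what looks like the deployed host, so CAS failures would be shown to visitors in detail; use `phpCAS::setVerbose(false);` outside development. The comment about the CA certificate is the last line of the hunk, so I cannot see whether `phpCAS::setCasServerCACert(...)` is active below or whether server validation is disabled. Ticket validation should verify the CAS server certificate in production. The service URL is also hard-coded, and reading it from configuration would avoid editing this file per environment.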


@ -6,14 +6,12 @@
?>
<body>
<?php
include("session_verif.php");
// Include the PHP-CSRF library
//include("session_verif.php");
include('php-csrf.php');
$csrf = new CSRF();
?>
<!-- Input to choose files -->
<form id="uploadForm" enctype="multipart/form-data">
<input type="file" id="fileInput" multiple>