2021-01-22 21:58:46 +01:00
< ? php
2022-05-19 16:59:32 +02:00
require " init.php " ;
2021-05-22 14:07:25 +02:00
2021-07-15 15:36:34 +02:00
// Session initialisation (with cookies)
2021-08-05 02:16:58 +02:00
if (
2022-05-22 14:59:45 +02:00
isset ( $_COOKIE [ 'niver-session-key' ]) // Resume session
2022-04-18 16:05:00 +02:00
OR
( SERVICE === " auth " // Create new session
2022-05-21 19:41:46 +02:00
AND ( PAGE === " login " OR PAGE === " register " )
2022-04-18 16:05:00 +02:00
AND isset ( $_POST [ 'username' ]))
) {
session_start ([
2022-05-22 14:59:45 +02:00
'name' => 'niver-session-key' ,
2022-04-18 16:05:00 +02:00
'sid_length' => 64 ,
'sid_bits_per_character' => 6 ,
'cookie_secure' => true ,
'cookie_httponly' => true ,
'cookie_samesite' => 'Strict' ,
2022-05-20 00:15:13 +02:00
'cookie_path' => CONF [ 'common' ][ 'prefix' ] . '/' ,
2022-04-18 16:05:00 +02:00
'cookie_lifetime' => 432000 , // = 60*60*24*5 = 5 days
'gc_maxlifetime' => 10800 ,
'use_strict_mode' => true ,
'use_cookies' => true ,
'use_only_cookies' => true ,
]);
2021-08-05 02:16:58 +02:00
}
2021-05-14 21:10:56 +02:00
2021-07-15 15:36:34 +02:00
// Less > CSS compilation
2021-01-22 21:58:46 +01:00
2022-04-23 01:57:43 +02:00
// Color scheme
define ( " THEME " , array (
// Displayed on light theme
'darkRegColor' => " #D100D1 " ,
'darkNsColor' => " #006DFF " ,
'darkHtColor' => " #008768 " ,
'darkAuthColor' => " #EE0000 " ,
// Displayed on dark theme
'lightRegColor' => " #FF50FF " ,
'lightNsColor' => " #00FFFF " ,
'lightHtColor' => " #FFFF00 " ,
'lightAuthColor' => " #00FF00 " ,
'lightColor' => '#FFFFFF' ,
'darkColor' => '#000000' ,
));
2021-01-22 21:58:46 +01:00
?>
<! DOCTYPE html >
2022-05-31 23:28:32 +02:00
< html lang = " fr " < ? php if ( ! empty ( SERVICE )) echo 'class="' . SERVICE . '"' ; ?>
2022-04-18 16:05:00 +02:00
< head >
2022-05-22 17:47:00 +02:00
< meta charset = " utf-8 " >
2022-04-18 16:05:00 +02:00
< title >< ? php
2022-05-31 23:28:32 +02:00
if ( isset ( $page [ 'title' ]) AND $page [ 'title' ] != " Accueil " )
echo $page [ 'title' ] . " < " ;
if ( isset ( $page [ 'service' ]))
echo $page [ 'service' ] . " < " ;
?> Niver</title>
< ? php
foreach ( array_diff ( scandir ( CONF [ 'common' ][ 'root_path' ] . " /public/css " ), array ( '..' , '.' )) as $cssPath )
echo ' <link type="text/css" rel="stylesheet" media="screen" href="' . CONF [ 'common' ][ 'prefix' ] . '/css/' . $cssPath . '">' . " \n " ;
?>
2022-04-18 16:05:00 +02:00
< meta name = " viewport " content = " width=device-width, initial-scale=1 " >
</ head >
< body >
< header >
< nav >
2022-05-20 00:15:13 +02:00
< a href = " .. " > Niver </ a >< ? php
2022-05-22 17:47:00 +02:00
if ( isset ( $page [ 'service' ]))
echo ' > <a href=".">' . $page [ 'service' ] . '</a>' ;
if ( PAGE != " index " )
echo ' > <a href="' . PAGE . '">' . $page [ 'title' ] . " </a> " ;
?>
2021-03-20 23:48:54 +01:00
2022-05-22 17:47:00 +02:00
</ nav >
2022-04-18 16:05:00 +02:00
</ header >
< main >
2022-05-22 17:47:00 +02:00
2022-05-22 14:59:45 +02:00
< ? php
2022-05-22 17:47:00 +02:00
if ( isset ( $page [ 'title' ]))
echo " <h1> " . $page [ 'title' ] . " </h1> " ;
// Protect against cross-site request forgery if a POST request is received
if ( empty ( $_POST ) === false AND ( isset ( $_SERVER [ 'HTTP_SEC_FETCH_SITE' ]) !== true OR $_SERVER [ 'HTTP_SEC_FETCH_SITE' ] !== " same-origin " ))
2022-05-25 01:16:41 +02:00
userError ( " Anti-<abbr title='Cross-Site Request Forgery'>CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header) " );
2022-05-22 17:47:00 +02:00
2022-05-22 14:59:45 +02:00
function closeHTML () {
?>
</ main >
< footer >
< small >
< ? php if ( isset ( $_SESSION [ 'username' ])) {
2022-05-31 23:28:32 +02:00
echo " Connecté·e en tant que " . $_SESSION [ 'username' ] . " . <a class='auth' href=' " . CONF [ 'common' ][ 'prefix' ] . " /auth/logout'>Se déconnecter</a> " ;
2022-05-22 14:59:45 +02:00
} else { ?>
2022-05-31 23:28:32 +02:00
Vous n 'êtes pas connecté·e à un compte Niver. <a class="auth" href="<?= CONF[' common '][' prefix ' ] ?> /auth/login?redir=<?php if (SERVICE !== "") echo SERVICE . "/"; ?><?= PAGE ?>">Se connecter</a>
2022-05-22 14:59:45 +02:00
< ? php } ?>
</ small >
</ footer >
</ body >
</ html >
2022-05-25 01:16:41 +02:00
< ? php
exit ();
}
2022-05-22 14:59:45 +02:00
2022-05-25 01:16:41 +02:00
?>