86400,"path"=>"/","domain"=>".weval-consulting.com","secure"=>true,"httponly"=>true,"samesite"=>"Lax"]); session_start(); $action = $_POST['action'] ?? $_GET['action'] ?? ''; if ($action === 'login') { $user = trim($_POST['user'] ?? ''); $pass = $_POST['pass'] ?? ''; require_once __DIR__ . '/weval-passwords.php'; if (weval_verify_password($user, $pass)) { $_SESSION['weval_auth'] = true; $_SESSION['weval_user'] = $user; $_SESSION['weval_time'] = time(); $redir = $_POST["redirect"] ?? "/products/workspace.html"; echo json_encode(["ok"=>true,"user"=>$user,"redirect"=>$redir]); } else { http_response_code(401); echo json_encode(["ok"=>false,"error"=>"Identifiants incorrects"]); } exit; } if ($action === 'logout') { $_SESSION = []; if (ini_get("session.use_cookies")) { $p = session_get_cookie_params(); setcookie(session_name(), '', time()-42000, $p["path"], $p["domain"], $p["secure"], $p["httponly"]); } session_destroy(); echo json_encode(["ok"=>true]); exit; } if ($action === 'check') { if (!empty($_SESSION['weval_auth']) && $_SESSION['weval_auth'] === true) { echo json_encode(["ok"=>true,"user"=>$_SESSION['weval_user'] ?? '']); } else { http_response_code(401); echo json_encode(["ok"=>false]); } exit; } if ($action === 'status') { echo json_encode([ "ok"=>true, "authenticated"=>!empty($_SESSION['weval_auth']), "user"=>$_SESSION['weval_user'] ?? null, "session_age"=>!empty($_SESSION['weval_time']) ? time()-$_SESSION['weval_time'] : null, "server"=>"S204", "version"=>"2.1" ]); exit; } if ($action === '') { header('Location: /api/weval-auth-session.php?action=status'); exit; } echo json_encode(["ok"=>false,"error"=>"Unknown action. Use: check, status, login, logout"]);