
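<?php
// WEVAL Auth Session — DEFINITIVE v2
// Uses external password file — immune to sed/regex corruption
//
// JSON endpoint dispatched on the "action" field (POST first, then GET):
//   login   — verify user/pass from POST, open an authenticated session
//   logout  — clear and destroy the session, expire the session cookie
//   check   — 200 when the session is authenticated, 401 otherwise
//   status  — always 200; reports authentication state and session age
//   (empty) — redirects to ?action=status
//   other   — 400 with an error message
declare(strict_types=1);

header('Content-Type: application/json');
session_set_cookie_params(["lifetime"=>86400,"path"=>"/","domain"=>".weval-consulting.com","secure"=>true,"httponly"=>true,"samesite"=>"Lax"]);
session_start();

/**
 * Emit a JSON body with the given HTTP status.
 *
 * @param array<string, mixed> $payload  Data to encode
 * @param int                  $status   HTTP status code (default 200)
 */
function weval_json(array $payload, int $status = 200): void
{
    http_response_code($status);
    echo json_encode($payload);
}

/**
 * Return $candidate only if it is a same-origin absolute path, else $fallback.
 *
 * The value is reflected to the client as a post-login redirect, so an
 * attacker-supplied absolute URL ("https://evil.example") or a
 * protocol-relative one ("//evil.example", "/\evil.example") must not be
 * echoed back; only a single leading slash with no CR/LF is accepted.
 *
 * @param string $candidate  Untrusted redirect target from the request
 * @param string $fallback   Trusted default path
 */
function weval_safe_redirect(string $candidate, string $fallback): string
{
    if (preg_match('#^/(?![/\\\\])[^\r\n]*$#', $candidate) === 1) {
        return $candidate;
    }
    return $fallback;
}

$action = $_POST['action'] ?? $_GET['action'] ?? '';

if ($action === 'login') {
    // Credentials come from POST only. A non-string value (e.g. user[]=x)
    // would make trim() throw under strict types, so it is treated as absent.
    $user = is_string($_POST['user'] ?? null) ? trim($_POST['user']) : '';
    $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
    require_once __DIR__ . '/weval-passwords.php';
    if (weval_verify_password($user, $pass)) {
        // Issue a fresh session id on privilege change so an id planted in the
        // browser before login (session fixation) cannot be reused; the old
        // session data is deleted.
        session_regenerate_id(true);
        $_SESSION['weval_auth'] = true;
        $_SESSION['weval_user'] = $user;
        $_SESSION['weval_time'] = time();
        $requested = $_POST['redirect'] ?? '';
        $redir = weval_safe_redirect(is_string($requested) ? $requested : '', '/products/workspace.html');
        weval_json(["ok"=>true,"user"=>$user,"redirect"=>$redir]);
    } else {
        weval_json(["ok"=>false,"error"=>"Identifiants incorrects"], 401);
    }
    exit;
}

if ($action === 'logout') {
    // NOTE(review): logout is also reachable via GET (?action=logout), so a
    // cross-site request can log a user out. Restricting it to POST would
    // break any existing link that uses the GET form, so it is left as is.
    $_SESSION = [];
    if (ini_get("session.use_cookies")) {
        $p = session_get_cookie_params();
        // Array form so the expiring cookie carries the same SameSite attribute
        // as the one set above; the positional form has no samesite argument.
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
    weval_json(["ok"=>true]);
    exit;
}

if ($action === 'check') {
    // Only the exact boolean true counts as authenticated.
    if (($_SESSION['weval_auth'] ?? null) === true) {
        weval_json(["ok"=>true,"user"=>$_SESSION['weval_user'] ?? '']);
    } else {
        weval_json(["ok"=>false], 401);
    }
    exit;
}

if ($action === 'status') {
    // NOTE(review): session_age is reported but no idle/absolute timeout is
    // enforced server-side; the cookie lifetime (86400 s) is the only bound.
    weval_json([
        "ok"=>true,
        "authenticated"=>!empty($_SESSION['weval_auth']),
        "user"=>$_SESSION['weval_user'] ?? null,
        "session_age"=>!empty($_SESSION['weval_time']) ? time()-$_SESSION['weval_time'] : null,
        "server"=>"S204",
        "version"=>"2.1"
    ]);
    exit;
}

if ($action === '') {
    header('Location: /api/weval-auth-session.php?action=status');
    exit;
}

// Unknown action: a client error, so answer 400 rather than 200.
weval_json(["ok"=>false,"error"=>"Unknown action. Use: check, status, login, logout"], 400);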