ROOT CAUSE DEFINITIF: session_start read_and_close — fix concurrent auth timeout on blade-ai
<?php
/**
 * WEVAL SIMPLE AUTH v1.0
 * Replaces Authentik — PHP session + signed remember-me cookie.
 * Include at the top of every protected page, BEFORE any output (it sends headers):
 *   require '/var/www/html/auth/weval-auth.php';
 * Or: nginx auth_request to /auth/check — note that auth_request only accepts
 * 2xx / 401 / 403 from the subrequest, whereas weval_require_auth() answers 302.
 */
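// Open the session read-only and release the lock at once. The commit that
// introduced read_and_close attributes a concurrent-request auth timeout to
// holding the session lock for the whole page (presumably the file handler's
// per-session lock). Consequence every function below must respect: after this
// call $_SESSION is only a snapshot — a write needs its own
// session_start(); ...; session_write_close().
session_start([
    'read_and_close'  => true,
    // Session-id cookie hardening (cookie_samesite needs PHP >= 7.3).
    'cookie_secure'   => true,
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
]);
// Config
define('AUTH_USER', 'yacine');
// SECURITY: prefer a precomputed bcrypt hash from the environment so the
// plaintext does not sit in the web root. The fallback preserves the original
// behaviour, which is doubly wrong: the cleartext password is in source, and
// password_hash() re-runs bcrypt on EVERY request (tens of ms of CPU per page
// load, an easy DoS lever). Set WEVAL_PASS_HASH to a `$2y$...` string.
define('AUTH_PASS_HASH', getenv('WEVAL_PASS_HASH') ?: password_hash('Weval@2026', PASSWORD_BCRYPT));
define('AUTH_COOKIE_NAME', 'weval_session');
define('AUTH_COOKIE_DAYS', 30);
// HMAC key for the remember-me cookie. Same remark: take it from the
// environment; the literal fallback is only there for backward compatibility.
// Rotating the key is the ONLY way to invalidate issued remember-me cookies.
define('AUTH_SECRET', getenv('WEVAL_AUTH_SECRET') ?: 'W3v4l_Auth_S1mpl3_2026_X9K');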
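/**
 * Returns true when the current request is authenticated, either through the
 * PHP session snapshot or through a valid signed remember-me cookie.
 *
 * Does not persist anything: the session was opened read_and_close at include
 * time, so the $_SESSION assignments below only populate the in-memory copy
 * for the remainder of this request.
 *
 * Cookie format: base64(JSON {user, sig, exp}), sig = HMAC-SHA256(user . exp).
 *
 * @return bool
 */
function weval_check_auth() {
    // 1. Session snapshot.
    if (($_SESSION['weval_authenticated'] ?? false) === true) {
        return true;
    }
    // 2. Remember-me cookie. $_COOKIE values can be arrays (name[]=...), so
    //    check the type before handing it to base64_decode().
    $raw = $_COOKIE[AUTH_COOKIE_NAME] ?? null;
    if (!is_string($raw) || $raw === '') {
        return false;
    }
    $decoded = base64_decode($raw);
    $data = $decoded === false ? null : json_decode($decoded, true);
    // Strict field types BEFORE using them:
    //  - hash_equals() throws a TypeError on a non-string sig (a crafted cookie
    //    would turn every protected page into a 500);
    //  - the HMAC input has no separator between user and exp, and PHP 8 compares
    //    a non-numeric string to an int by string comparison ("e17..." > time()
    //    is true), so exp must be a real int or a valid cookie can be re-split.
    if (!is_array($data)
        || !isset($data['user'], $data['sig'], $data['exp'])
        || !is_string($data['user'])
        || !is_string($data['sig'])
        || !is_int($data['exp'])) {
        return false;
    }
    if ($data['exp'] <= time()) {
        return false;
    }
    // Single-user deployment: a signed name other than the configured user has
    // no business being accepted even if the signature verifies.
    if ($data['user'] !== AUTH_USER) {
        return false;
    }
    $expected_sig = hash_hmac('sha256', $data['user'] . $data['exp'], AUTH_SECRET);
    if (!hash_equals($expected_sig, $data['sig'])) {
        return false;
    }
    $_SESSION['weval_authenticated'] = true;
    $_SESSION['weval_user'] = $data['user'];
    return true;
}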
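/**
 * Validates the submitted credentials; on success marks the session as
 * authenticated, rotates the session id and issues the remember-me cookie.
 *
 * Must be called before any output (setcookie/session headers). There is no
 * rate limiting here — put it in front of this call (fail2ban, nginx
 * limit_req, ...), bcrypt alone does not stop online guessing.
 *
 * @param string $user Submitted user name.
 * @param string $pass Submitted plaintext password.
 * @return bool True on successful login, false otherwise.
 */
function weval_login($user, $pass) {
    // Always run the bcrypt check, even for an unknown user name, so a wrong
    // name and a wrong password take the same time to reject.
    $pass_ok = is_string($pass) && password_verify($pass, AUTH_PASS_HASH);
    if ($user !== AUTH_USER || !$pass_ok) {
        return false;
    }
    // The include-time session_start() used read_and_close, so the store is
    // already closed and plain $_SESSION writes would be silently lost.
    // Re-open, rotate the id (session fixation), write, release the lock.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION['weval_authenticated'] = true;
    $_SESSION['weval_user'] = $user;
    session_write_close();
    // Remember-me cookie. exp is part of the signed data, so a client cannot
    // extend it; but the cookie is stateless — nothing server-side can revoke
    // it before exp except rotating AUTH_SECRET.
    $exp = time() + (AUTH_COOKIE_DAYS * 86400);
    $sig = hash_hmac('sha256', $user . $exp, AUTH_SECRET);
    $cookie_data = base64_encode(json_encode(['user' => $user, 'sig' => $sig, 'exp' => $exp]));
    setcookie(AUTH_COOKIE_NAME, $cookie_data, [
        'expires'  => $exp,
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,
        'httponly' => true,
        // No CSRF token anywhere in this file: SameSite is the only CSRF
        // mitigation the cookie carries.
        'samesite' => 'Lax',
    ]);
    return true;
}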
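/**
 * Ends the server-side session and expires both cookies (session id and
 * remember-me) in the browser.
 *
 * Limitation: the remember-me cookie is stateless (HMAC over user . exp), so
 * this only asks the client to drop it; a copy keeps working until its exp.
 */
function weval_logout() {
    // After the include-time read_and_close the session is no longer active;
    // session_destroy() on an inactive session only emits a warning and
    // destroys nothing. Re-open it so the server-side data is really removed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    session_destroy();
    // Expire the session-id cookie too, with the parameters it was set with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    setcookie(AUTH_COOKIE_NAME, '', [
        'expires'  => time() - 3600,
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,
        'httponly' => true,
    ]);
}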
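/**
 * Gate for protected pages: sends unauthenticated requests to /login with the
 * requested path in `r` so the login page can return there. Must run before
 * any output (Location header). Never returns on the unauthenticated path.
 *
 * If this endpoint is also used as an nginx auth_request backend (see file
 * header), note that auth_request treats a 302 as an error, not as "denied";
 * that mode needs a 401/403 instead.
 */
function weval_require_auth() {
    if (weval_check_auth()) {
        return;
    }
    // REQUEST_URI is client-controlled (absolute-form request lines, "//host"
    // paths). Whatever /login does with `r`, only ever hand it a rooted local
    // path so it cannot become an off-site redirect.
    $return_url = $_SERVER['REQUEST_URI'] ?? '/';
    if (!is_string($return_url)
        || $return_url === ''
        || $return_url[0] !== '/'
        || strncmp($return_url, '//', 2) === 0
        || strncmp($return_url, '/\\', 2) === 0) {
        $return_url = '/';
    }
    header('Location: /login?r=' . urlencode($return_url));
    exit;
}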