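<?php

declare(strict_types=1);

// WEVAL Auth Session — DEFINITIVE v2
// Uses external password file — immune to sed/regex corruption
//
// Small JSON endpoint dispatched on the `action` parameter (POST wins over GET):
//   login  — verifies credentials via weval_verify_password() from weval-passwords.php,
//            opens the PHP session and issues the HMAC remember-me cookie
//   logout — destroys the PHP session and expires BOTH cookies (session + remember-me)
//   check  — 200 {ok:true,user} when the session is authenticated, else 401
//   status — diagnostic snapshot of the session, always 200
//   ''     — redirects to ?action=status
//   other  — 400 {ok:false,error} listing the valid actions

header('Content-Type: application/json');

// Scope shared by the PHP session cookie and the remember-me cookie, so that
// logout can expire both with exactly the same path/domain.
const WEVAL_COOKIE_PATH = '/';
const WEVAL_COOKIE_DOMAIN = '.weval-consulting.com';
const WEVAL_REMEMBER_COOKIE = 'weval_session';
const WEVAL_REMEMBER_TTL = 30 * 86400; // 30 days, as issued by the original code
const WEVAL_DEFAULT_REDIRECT = '/products/workspace.html';

session_set_cookie_params([
    'lifetime' => 86400,
    'path' => WEVAL_COOKIE_PATH,
    'domain' => WEVAL_COOKIE_DOMAIN,
    'secure' => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

/**
 * Read a request parameter as a string.
 *
 * A client can send `user[]=x`, which PHP decodes to an array; trim()/hash_hmac()
 * would then throw a TypeError (a 500 instead of a clean 401). Non-string values
 * and missing keys map to ''.
 */
function weval_param(array $source, string $key): string
{
    $value = $source[$key] ?? '';
    return is_string($value) ? $value : '';
}

/**
 * Accept a post-login redirect target only if it is a same-origin absolute path.
 *
 * `redirect` comes straight from the client and is handed back for the front-end
 * to follow, so anything that is not "/path" — absolute URLs, scheme-relative
 * "//host", backslash variants, control characters — falls back to $default.
 */
function weval_safe_redirect(string $candidate, string $default): string
{
    if ($candidate === '' || $candidate[0] !== '/') {
        return $default;
    }
    if (strlen($candidate) > 1 && ($candidate[1] === '/' || $candidate[1] === '\\')) {
        return $default;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate) === 1) {
        return $default;
    }
    return $candidate;
}

/**
 * Emit a JSON body with the given HTTP status and stop the script.
 */
function weval_respond(array $payload, int $status = 200): void
{
    http_response_code($status);
    echo json_encode($payload);
    exit;
}

/**
 * Expire the remember-me cookie with the same scope it was issued with.
 */
function weval_clear_remember_cookie(): void
{
    setcookie(WEVAL_REMEMBER_COOKIE, '', time() - 42000, WEVAL_COOKIE_PATH, WEVAL_COOKIE_DOMAIN, true, true);
}

$action = $_POST['action'] ?? $_GET['action'] ?? '';

if ($action === 'login') {
    $user = trim(weval_param($_POST, 'user'));
    $pass = weval_param($_POST, 'pass');

    require_once __DIR__ . '/weval-passwords.php';

    if (!weval_verify_password($user, $pass)) {
        weval_respond(['ok' => false, 'error' => 'Identifiants incorrects'], 401);
    }

    // Fresh session id on privilege change: a session id obtained before
    // authentication must not become an authenticated one (session fixation).
    session_regenerate_id(true);

    $_SESSION['weval_auth'] = true;
    $_SESSION['weval_authenticated'] = true; // V95 unified: also set key for /auth/check
    $_SESSION['weval_user'] = $user;
    $_SESSION['weval_time'] = time();

    // V95 unified: set HMAC remember-me cookie for /auth/weval-auth.php
    //
    // SECURITY NOTE: the signing key is a literal in a web-served source file, so any
    // source disclosure (stray .bak/.orig copies, a mis-handled .php, a leaked checkout)
    // lets anyone forge remember-me cookies. Move it out of the document root (environment
    // or the external password file). It is left untouched here because the verifier in
    // /auth/weval-auth.php must use the same value and is not part of this file.
    // Likewise `$user . $exp` is signed without a delimiter, so the boundary between name
    // and timestamp is ambiguous; the layout is kept only because the verifier expects
    // these exact bytes — change both sides together.
    $authSecret = 'W3v4l_Auth_S1mpl3_2026_X9K';
    $exp = time() + WEVAL_REMEMBER_TTL;
    $sig = hash_hmac('sha256', $user . $exp, $authSecret);
    $cookieData = base64_encode(json_encode(['user' => $user, 'sig' => $sig, 'exp' => $exp]));
    setcookie(WEVAL_REMEMBER_COOKIE, $cookieData, $exp, WEVAL_COOKIE_PATH, WEVAL_COOKIE_DOMAIN, true, true);

    $redirect = weval_safe_redirect(weval_param($_POST, 'redirect'), WEVAL_DEFAULT_REDIRECT);
    weval_respond(['ok' => true, 'user' => $user, 'redirect' => $redirect]);
}

if ($action === 'logout') {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    // Without this the remember-me cookie outlives the logout and re-authenticates
    // the browser against /auth/weval-auth.php for up to 30 days.
    weval_clear_remember_cookie();
    session_destroy();
    weval_respond(['ok' => true]);
}

if ($action === 'check') {
    if (($_SESSION['weval_auth'] ?? null) === true) {
        weval_respond(['ok' => true, 'user' => $_SESSION['weval_user'] ?? '']);
    }
    weval_respond(['ok' => false], 401);
}

if ($action === 'status') {
    weval_respond([
        'ok' => true,
        'authenticated' => !empty($_SESSION['weval_auth']),
        'user' => $_SESSION['weval_user'] ?? null,
        'session_age' => !empty($_SESSION['weval_time']) ? time() - $_SESSION['weval_time'] : null,
        'server' => 'S204',
        'version' => '2.1',
    ]);
}

if ($action === '') {
    header('Location: /api/weval-auth-session.php?action=status');
    exit;
}

weval_respond(['ok' => false, 'error' => 'Unknown action. Use: check, status, login, logout'], 400);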