2015-10-23 11:08:33 +00:00
|
|
|
<?php
|
2015-10-21 20:56:56 +00:00
|
|
|
|
|
|
|
|
/***********************************************************
|
|
|
|
|
* *
|
|
|
|
|
* MANAGER DE SECURITE GENERALE ET SPECIFIQUE *
|
|
|
|
|
* *
|
|
|
|
|
************************************************************
|
|
|
|
|
* *
|
|
|
|
|
* [0] Constantes *
|
|
|
|
|
* [1] Session & redirection *
|
|
|
|
|
* *
|
|
|
|
|
* *
|
|
|
|
|
* *
|
|
|
|
|
* *
|
|
|
|
|
* *
|
|
|
|
|
* *
|
|
|
|
|
* *
|
|
|
|
|
* *
|
|
|
|
|
* *
|
|
|
|
|
* *
|
|
|
|
|
***********************************************************/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* [0] CONSTANTES
|
|
|
|
|
============================================================*/
|
|
|
|
|
function getPermissions(){ return array('student', 'teacher', 'master', 'admin'); }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* [1] SESSIONS & REDIRECTION
|
|
|
|
|
============================================================*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* ETABLIT UNE SESSION SÉCURISÉE
|
|
|
|
|
*
|
|
|
|
|
* [1] Définit un id_session (PHPSESSID) unique et propre à une connection
|
|
|
|
|
* + propre à un navigateur (navigateur, version, OS, système X, ...)
|
|
|
|
|
* + propre à un accès (ip publique = box)
|
|
|
|
|
*
|
|
|
|
|
* [2] Démarre la session
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
function session_init(){
|
2015-10-22 08:29:43 +00:00
|
|
|
/*
|
2015-10-21 20:56:56 +00:00
|
|
|
session_id( // on définit le session id
|
|
|
|
|
sha1( // qui est un Hash MD5
|
|
|
|
|
$_SERVER['HTTP_USER_AGENT']. // qui correspond aux infos système disponibles de l'utilisateur
|
|
|
|
|
$_SERVER['REMOTE_ADDR'] // et de son ip publique
|
|
|
|
|
)
|
|
|
|
|
);
|
2015-10-22 08:29:43 +00:00
|
|
|
*/
|
|
|
|
|
|
2015-10-21 20:56:56 +00:00
|
|
|
session_start(); // on démarre la session
|
|
|
|
|
|
|
|
|
|
$PERMISSIONS = getPermissions();
|
|
|
|
|
|
|
|
|
|
// on vérifie l'intégrité des variables session
|
|
|
|
|
$usernameDefinedProperly = isset($_SESSION['username']) && !empty($_SESSION['username']) && gettype($_SESSION['username']) == 'string' && strlen($_SESSION['username']) > 0;
|
|
|
|
|
$permissionsDefinedProperly = isset($_SESSION['permissions']) && !empty($_SESSION['permissions']) && gettype($_SESSION['permissions']) == 'string' && strlen($_SESSION['permissions']) > 0;
|
|
|
|
|
|
|
|
|
|
// si les variables sessions ne sont pas toutes les 2 correctes
|
|
|
|
|
if( !($usernameDefinedProperly && $permissionsDefinedProperly) ){
|
|
|
|
|
$_SESSION['username'] = null; // on les initialise à NULL
|
|
|
|
|
$_SESSION['permissions'] = null;
|
|
|
|
|
}
|
2015-10-23 11:08:33 +00:00
|
|
|
}session_init();
|
2015-10-21 20:56:56 +00:00
|
|
|
|
|
|
|
|
|
2015-10-23 11:08:33 +00:00
|
|
|
function debug(){
|
|
|
|
|
ini_set('display_errors',1);
|
|
|
|
|
ini_set('display_startup_errors',1);
|
|
|
|
|
error_reporting(-1);
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-21 20:56:56 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
?>
|
