a

Contestation/verify_facial_api.php

@@ -1,16 +1,32 @@
 <?php
-ob_start(); // ✅ capture tout output parasite
+ob_start();
 session_start();
 header('Content-Type: application/json');
 
+// ✅ Vérifier la session avant tout
+if (!isset($_SESSION['assure'])) {
+    ob_end_clean();
+    echo json_encode(['success' => false, 'message' => 'Session expirée, rechargez la page']);
+    exit;
+}
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    ob_end_clean();
+    echo json_encode(['success' => false, 'message' => 'Méthode non autorisée']);
+    exit;
+}
+
 class FacialVerificationAPI {
     private $assure_api;
     private $maxAttempts = 3;
     
     public function __construct() {
-        $this->assure_api  = $_SESSION['assure'];                                                // ✅ $this->
-        $this->maxAttempts = $this->assure_api->get_nbTentativeBiometrie($_SESSION['codeEntite']); // ✅ $this->
+        $this->assure_api  = $_SESSION['assure'];
+        $this->maxAttempts = $this->assure_api 
+            ? $this->assure_api->get_nbTentativeBiometrie($_SESSION['codeEntite']) 
+            : 3;
     }
+
     
     /**
      * Valide un token de vérification