From 8bccaeabc9874fb44ea6f08675c5c269c2b07bc7 Mon Sep 17 00:00:00 2001
From: KANE LAZENI <lkane@ebene.info>
Date: Mon, 23 Feb 2026 05:06:08 +0000
Subject: [PATCH] a

---
 Contestation/verify_facial_api.php | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/Contestation/verify_facial_api.php b/Contestation/verify_facial_api.php
index 570e389..e96755a 100644
--- a/Contestation/verify_facial_api.php
+++ b/Contestation/verify_facial_api.php
@@ -1,16 +1,32 @@
 <?php
-ob_start(); // ✅ capture tout output parasite
+ob_start();
 session_start();
 header('Content-Type: application/json');
 
+// ✅ Vérifier la session avant tout
+if (!isset($_SESSION['assure'])) {
+    ob_end_clean();
+    echo json_encode(['success' => false, 'message' => 'Session expirée, rechargez la page']);
+    exit;
+}
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    ob_end_clean();
+    echo json_encode(['success' => false, 'message' => 'Méthode non autorisée']);
+    exit;
+}
+
 class FacialVerificationAPI {
     private $assure_api;
     private $maxAttempts = 3;
     
     public function __construct() {
-        $this->assure_api  = $_SESSION['assure'];                                                // ✅ $this->
-        $this->maxAttempts = $this->assure_api->get_nbTentativeBiometrie($_SESSION['codeEntite']); // ✅ $this->
+        $this->assure_api  = $_SESSION['assure'];
+        $this->maxAttempts = $this->assure_api 
+            ? $this->assure_api->get_nbTentativeBiometrie($_SESSION['codeEntite']) 
+            : 3;
     }
+
     
     /**
      * Valide un token de vérification