From 13be1ee5e092c5ceb9ddaac337448880c38be45a Mon Sep 17 00:00:00 2001
From: KANE LAZENI
Date: Sat, 18 Apr 2026 14:36:59 +0000
Subject: [PATCH] a
---
 .htaccess | 10 ++++++++--
 Controleur/ControleurConnexion.php | 20 ++++++++------------
 Vue/Ajaxconnexioncookie/french.php | 2 ++
 3 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/.htaccess b/.htaccess
index 2177b047..a89ead89 100755
--- a/.htaccess
+++ b/.htaccess
@@ -1,6 +1,5 @@ # Activation du moteur de réécriture RewriteEngine on -# RewriteCond %{Request_URI} !^.*/flexcode_web/.* RewriteRule ^([a-zA-Z]*)/?([a-zA-Z]*)?/?([a-zA-Z0-9]*)?/?$ index.php?controleur=$1&action=$2&id=$3 [NC,L] # Sécurité serveur
@@ -16,6 +15,13 @@ ServerSignature Off Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" - Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'" + + Header set Content-Security-Policy "default-src 'self'; \ + script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; \ + style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; \ + font-src 'self' https://fonts.gstatic.com; \ + connect-src 'self' https://cdn.jsdelivr.net; \ + img-src 'self' data: https:" + Header set Referrer-Policy "strict-origin-when-cross-origin"
\ No newline at end of file
diff --git a/Controleur/ControleurConnexion.php b/Controleur/ControleurConnexion.php
index cd5317cb..fd41df38 100755
--- a/Controleur/ControleurConnexion.php
+++ b/Controleur/ControleurConnexion.php
@@ -52,10 +52,6 @@ require_once 'Modele/Societeusercentral.php'; $_SESSION['codeSociete'] = $codeSociete; $_SESSION['lang'] = $langue; - - // Ajout KANE du 16/12/2024 => Vérifier que le société existe! - //$societeExiste = $this->societeusercentral->existeligne($codeSociete); - $societeExiste = $this->societeusercentral->existeligneconnexion($codeSociete); if (!$societeExiste) 
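Review bot: The new `script-src` in the second .htaccess hunk keeps `'unsafe-inline'` and allowlists the entire `https://cdn.jsdelivr.net` host, so the policy still accepts any injected inline script and any script file that CDN serves, and the header gives little protection against XSS. Prefer moving inline scripts into files (or using nonces/hashes) and narrowing the CDN entry to the package path actually loaded, e.g. `script-src 'self' https://cdn.jsdelivr.net/npm/PACKAGE@VERSION/;` (PACKAGE@VERSION is a placeholder), with `integrity` attributes on the corresponding tags. `base-uri` and `form-action` do not fall back to `default-src`, so appending `base-uri 'self'; form-action 'self'` would close that gap, and `img-src 'self' data: https:` is broader than the rest of the policy suggests is needed. The section enclosing these Header directives is not visible in the hunk.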
@@ -74,14 +70,6 @@ require_once 'Modele/Societeusercentral.php'; $paramsabonnementsaas = $this->societeusercentral->getParamsAbonnementSaas($codeSociete); - /* - var_dump - ( - array('paramsabonnementsaas' => $paramsabonnementsaas) - ); - exit(); - */ - - $actif = $paramsabonnementsaas['actif']; $delaiUsageSaas = $paramsabonnementsaas['delaiUsageSaas']; $dateJour = date('Y-m-d');
@@ -206,6 +194,14 @@ require_once 'Modele/Societeusercentral.php'; if ($this->utilisateur->connecter($login, $mdp)) { + echo session_id(); + session_regenerate_id(true); // 18/04/2026 + echo "
"; + echo session_id(); + + $_SESSION['codeSociete'] = $codeSociete; + $_SESSION['lang'] = $langue; + + $_SESSION['nbTentativeConnexion'] = '0'; $this->logconnexion->succesconnexion($idConnexion);
diff --git a/Vue/Ajaxconnexioncookie/french.php b/Vue/Ajaxconnexioncookie/french.php
index d16f6b18..5252ed97 100755
--- a/Vue/Ajaxconnexioncookie/french.php
+++ b/Vue/Ajaxconnexioncookie/french.php
@@ -7,6 +7,8 @@ // echo session_save_path(); // echo ini_get('session.gc_maxlifetime'); + echo session_id(); + ?>
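Review bot: The `echo session_id();` calls added around `session_regenerate_id(true)` in the third ControleurConnexion.php hunk, and the same `echo session_id();` added to Vue/Ajaxconnexioncookie/french.php, write the live session identifier into the response body, where it can be cached, logged or read by page scripts even if the cookie is HttpOnly. The first echo also runs before the regeneration, so unless output buffering is active the headers may already be sent and PHP will not be able to issue the new session cookie, leaving the session-fixation fix ineffective. Remove the debug output and keep only the regeneration, checking its result, e.g. `if (!session_regenerate_id(true)) { /* abort the login */ }`. Re-assigning `$_SESSION['codeSociete']` and `$_SESSION['lang']` afterwards looks redundant, since regeneration keeps the session data and both are already set earlier in the method. The enclosing method starts and ends outside the hunk.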