a
This commit is contained in:
parent
5ad0ade045
commit
cd724020dd
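--- a/Framework/Csrf.php
+++ b/Framework/Csrf.php
@@ -0,0 +1,57 @@
+<?php
+class Csrf
+{
+
+/**
+* Génère et stocke un token CSRF en session
+*/
+public static function generateToken(string $formName = 'default'): string {
+if (empty($_SESSION['csrf_tokens'][$formName])) {
+$_SESSION['csrf_tokens'][$formName] = [
+'token' => bin2hex(random_bytes(32)),
+'created_at' => time(),
+];
+}
+return $_SESSION['csrf_tokens'][$formName]['token'];
+}
+
+/**
+* Valide le token soumis
+*/
+public static function validateToken(string $submittedToken, string $formName = 'default'): bool {
+$session = $_SESSION['csrf_tokens'][$formName] ?? null;
+
+if (!$session) return false;
+
+// Expiration après 1 heure
+if (time() - $session['created_at'] > 3600) {
+self::destroyToken($formName);
+return false;
+}
+
+$valid = hash_equals($session['token'], $submittedToken);
+
+// Token à usage unique : on le supprime après validation
+if ($valid) {
+self::destroyToken($formName);
+}
+
+return $valid;
+}
+
+/**
+* Supprime un token
+*/
+public static function destroyToken(string $formName = 'default'): void {
+unset($_SESSION['csrf_tokens'][$formName]);
+}
+
+/**
+* Retourne le champ HTML caché à insérer dans les formulaires
+*/
+public static function field(string $formName = 'default'): string {
+$token = self::generateToken($formName);
+return '<input type="hidden" name="csrf_token" value="' . htmlspecialchars($token) . '">'
+. '<input type="hidden" name="csrf_form" value="' . htmlspecialchars($formName) . '">';
+}
+}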
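Review bot: generateToken's `if (empty($_SESSION['csrf_tokens'][$formName]))` reuses the stored token regardless of its age, while validateToken rejects anything older than 3600 s, so a form rendered with a 59-minute-old token hands the user a value that will fail on submit and can only be recovered by reloading. Regenerate when the stored entry is stale: `$entry = $_SESSION['csrf_tokens'][$formName] ?? null;` / `if ($entry === null || time() - $entry['created_at'] > self::TTL) {`, with `private const TTL = 3600;` used by both methods so the window is defined in one place. The class writes to `$_SESSION` directly and so presumably relies on the caller having already called session_start(); a `session_status() === PHP_SESSION_ACTIVE` guard, or at least a documented precondition on the class docblock, would make that contract explicit. In field(), passing `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` to both htmlspecialchars calls pins the attribute-escaping behaviour instead of depending on the running PHP version's defaults, which matters for `$formName` since it is caller-supplied and lands inside a double-quoted attribute.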
@ -1,104 +1,39 @@
|
|||
<?php //ICB0 71:0 81:d31 82:16f7 ?><?php //002cd
|
||||
if(extension_loaded('ionCube Loader')){die('The file '.__FILE__." is corrupted.\n");}echo("\nScript error: the ".(($cli=(php_sapi_name()=='cli')) ?'ionCube':'<a href="https://www.ioncube.com">ionCube</a>')." Loader for PHP needs to be installed.\n\nThe ionCube Loader is the industry standard PHP extension for running protected PHP code,\nand can usually be added easily to a PHP installation.\n\nFor Loaders please visit".($cli?":\n\nhttps://get-loader.ioncube.com\n\nFor":' <a href="https://get-loader.ioncube.com">get-loader.ioncube.com</a> and for')." an instructional video please see".($cli?":\n\nhttp://ioncu.be/LV\n\n":' <a href="http://ioncu.be/LV">http://ioncu.be/LV</a> ')."\n\n");exit(199);
|
||||
?>
|
||||
HR+cPyfDXuBpbtkrYliIeNkDz8r5mn3hrcbCmELvCPsEvYkpHf6TQ3Ujylhbvs/VtOSTWsSHirwo
|
||||
nZzkWKWH9QrynSZjqGEIERrAQy+KX72sxmb3BAOadoWFs/2zXtm0C+mGV7UsDoSNGnXpwt0YGh81
|
||||
q/KodHNODA+WMID8La3XqoL7dqn/E9v1UtvBSa1ErrLcHp8cufy+HArPCjPYySbNdgoLfZaHzHbW
|
||||
fNDlLFkyyqzhrRK6s5rovHHa5Gn2HaNpuTxVd509ZpbXNk4k5HHoW8rKsyD+PwQI0AFBtZM9Q2Fo
|
||||
XM7sLYgEoFf/6ma2n6yTg8SVkVbwOyjw7pu3gzes8e8uW/thDZ2ovd18RHoYWIcMGotKnaF0TG1S
|
||||
7QT7YYy59okfujRMTxkyoOef3uqKwq3adq8SJm/Mbi59ETwPcz7qBWDT3DF2RiBBxD0HcCEuAmN5
|
||||
n1il2EPYXMAjiu9cFoYTeavFeBFNoWubs9zgT2Ew4JlGajJpTJC/iMGasc41L0KloUuigXl07JlQ
|
||||
uFffo9FpfYuUWWbZaQ8ZFXkNged4M6xNCyrKp9fpJ3XHT+tVkiwee/jVnB11D6tMqmYPDV3s5pbP
|
||||
q15c9JhdfD8ktqyaLWnruMMbADS2fiPopkl7ugF9IPxW4FSMK1qUKOq150kKkuQ6io3Mv4B/823k
|
||||
iXFzHohw50LPFctXjbSuBUxy5Lq/7/7qcLDklyz9ukYAqKm5/PLz8XoNvSFg6/uGfqvRgnver9Wi
|
||||
ThoFblPphluebJFsotLjLjsdA6N7oc/EO0P2NkZvBoZJDF5LhaIgyr77brcrLS5qWNnwfve7fbW8
|
||||
7T4HyuIg/M7iX+S8FUusnzN1uRMf0k7RHau0c0pvd29QwQdlhu0YWC4ftzYWmq0L6dwpNKpy+8ik
|
||||
8FjP7ySN0JisLJDIA1/BhRr8IFzVjX63kDzKyvdTj/jon3KTu88NfYO5OTDoMKUXEkVeeCkWLxxf
|
||||
lUdGqdmrGw7ZGrqkcC36/+4rT5CY59j2GNi8oqjJhGO9bPSuMu8ghS87c3ZepmIm9Q/hu6aoyNnu
|
||||
5fq+TT2EwYqHwQ+rONwU+889YIcoH0pzjhkP1Ehx8z0Aw4MgzFBq0hjCQSwGOdmWZQ6d7wnxiCFR
|
||||
VSgFsR5JGG6IFabhQfueA9BaJ+LM4Fh8rMpDNp5AAeudZoDtnFA+EgoQD/rO7zzqB5LeNckNlmwI
|
||||
ZI71oqNVdobMaloJxwXIMKBpbLvXVbnDYJOnK+O+YJHDefa5WZgGYWdZU8BKE4o6fyHdrMDBj70x
|
||||
6aBmMPwzzK+HOteTf/SoLiulKLIZQaDOxj2elkrkGnoE3l5flXQcvUQoJE45XoUMNus2+zrjBzp5
|
||||
4kGbMtnelM+3d0OrjBYWY4DPH78XkFQyXEa07TXF12KkqEf+mooyCM9z2edj0fHUk9VrNuqHliTM
|
||||
FoNhzotiq6Tl3elvsSzEVUHzfDItQpW5ntgo6W3G8hWJhBXinemRGR5eviDicox+EmuEhxKzUwjC
|
||||
9BQTU9np9YQvmz3d6F3muV8YLR7KLlp9Ei0jZJ/fju+BGcFO4vgw5xe9eBJW2P+4me/DOewzI8Mr
|
||||
Cuu2p9ivoi2L2NdEuph/HMHPCESFZMmaJkl5fSI4RgutYvEo8vZMZ62CeKOT4mut63lEgGzmdL2I
|
||||
4jyD0d7mt5b9NUYywdUmUHreYSMAHPUzK9u0CnZUyiocdh0036OXQyRUkCWqE5zZ5HPMX4PDXzJZ
|
||||
hxxWFtI1e+jlZR2XUlwMil9P1KykL+E661/aRxGXdRM9mbnmnG2cMPa9frxaoMu2CqYnTxpH5Roj
|
||||
YmWjJMTVhvR2V/JB4V7gZ1jzs1oQKT01c8ZuB79nNkMVZiNjWrAlwKPIYCm7TTz+3e3to833YZI7
|
||||
dkjpKvJPzHUKARkgKmVXCFn23ACRoAuuzsadA9/rItIYgcq5mq2vidELmBtP43xYXtGND53FOhep
|
||||
rF4kQH/I9x1gB4XOYQeKSIahwl3NPFDe+vMdseJTKE0ZwGDvndcR2YB/cKeHVTtyrqV/xjrszg8h
|
||||
dGFu7rE3dDm4It6LE3jk/jN+eKm3ecu/IXjjsPxaCoBNsasAV/4k98epme9JIBqpJXSWV5o0Dngh
|
||||
7xj8h9rj3S+o/nAZhQztJH/HzkWgp5qbEDw5eVoke0no/ZW3zDUeChFISyjm2eyr7tWIFc/1y8Vd
|
||||
dnWwEidBgF9F0A0ayrLUPP+XlOa5o/8lD5KAaPOMZQLfY0brzP0dQ9PvQsi21j9VjYPQ71WB3p//
|
||||
pL7QYdoSUim01CBv/xiTixTtdr3cIJ4xegUo96WXR1XgybN8Ajwbntm7NT4VvF9e0Rg2+LLexNLU
|
||||
Kw2Ged5c7EZlFUhcQJzb8qfIPTiLOwa4UINo/IQDMX5BTGlG9DBssfIapBvIpFQClQNwDsvo+nK4
|
||||
VPSWcsjCxFPMK1dGxe1QXpbKIr1TnraYAN81lSiSCqAzmthPi48+th9V5A+SC0ylPkp07XCMIYDS
|
||||
32EtdOfJue0rMwaiT7toVjTIgghg0+3s/r8DEPnQSjAJ6FfPIdBXn6zxlJKXy4koKsf/yOiZHqYl
|
||||
Zn7jqQsy1dKHG+4P6Y22gXDXoD2jeUrSbvu==
|
||||
HR+cPyh1s9At5o6bJdfDiJXTlfQzmCb2kNduA8kuOHbnyBCNgNZ6qGsGxyl3gNKGeBwlmo2KMX11
|
||||
wpC1Q24CIZZg0qvgCXg6zUCADZj57vSKtM6qSXlXeUz4pttGLr2N1h7ogREdIkKlWuXbbRQR8Cx2
|
||||
HeOKlbtf5+apc0OT0IeBQNlYqLZQ9qz0iejokhwwEBnDfYK10adxIXit+628brUq8bravePLNO1W
|
||||
EWzOLD/jIUMpd9XvOT9s/wu8DR9cf4aOHfb7oLi9PCCW5Bpy+41BpJj/ag9ab364mKoBobw6xIkC
|
||||
zUjnubyn2yPcIO53CMd+rZ0Hisps+hLRyuQ/lGxFvgNi353rSArj/3rFrjZ3O4nt72K25Qe4VOsX
|
||||
lnTZATtGRVkXgnMjaohEegcWpA1ADF4u760bcMVa58U0vP6P2JN2Tz6Apg7Ebr6cpsOpEvfB4nOC
|
||||
1k9GuoLH52gxJuRdlWY6oolSanxfbc/D8jyKzSYr06/4dXj8nNhUWHaQ1Nmk1RcwC+rbVW4Qu+fb
|
||||
SqbLhgHXrUmvBTxHMK0mxH5JCRaSygJkkFuZ/sRwTgnF6goh/PEl7RuAh24EYSDWHBqid62wjkkd
|
||||
ZuoHBcSSDQkvDPlST0AwtI37D9A39jHXTq2MHHrnGj+d9rB/6OA47ZQzmxgiB06LzKH9u2tzvotH
|
||||
EKl2lV7YRn6QbaM+7/r7pJYuJltJ7fQVg+EENaPrJk381EXFkkbst5+k4YM8R5Pm0SfwHwNbtJIk
|
||||
dFmGC9EzL1JwnjROFmUBWdv4TLaON1fLQOeepCNmp5lvMnSrmX7MspDft/w85E8/iLlOPkKWwu3n
|
||||
VDQnPqIP7OhhzYhuE12vIv+LG3TIm48L2LQaMsYX57nNfdWp3muLBAh7B1eW9qq+pGNLTExzZyQ9
|
||||
AF3V8rEzarlQHRKzOHeLx7uIXes7BA5weJXfQF2I6QhiTJaLIOJBHsJU8/hzGUI9nnuOoNIiqf7R
|
||||
/GsjzHVD2/z/lS4Q/KEAC1eb/SiKRCB5oTRiKaMgAOwez0/THw2l+jSZ9x1LjSdildSE5tB3c9yi
|
||||
qaKSlKYndtlUgMqbZuhisWntYSO3uiJSRqGKezdc3eTKT0WwQHSaR8t17aDD2Z0CD5svVB8xmhZz
|
||||
RTlFvxqs6Gjg/iIwe0wP1uAD0snOsefnk0J8U4iBugLd0mu7PTJEqViKy5lf48s3+noCjhC1TvoF
|
||||
yRb1cYWXOIWillw1qoxE48BAXLDG92YdPWJXWZMuStre4TUh+zyRrT/Vbvgh73uqTyZxL6m1WtmZ
|
||||
xuFMdObsrG90NBQe4Mwih/GCn7PIeSDVlDs+d+Ha7mJMMda9/x6KDI+Gyz1jBH9kWnTvOMe5b+ZR
|
||||
c/EA+NYe3zYc7gsyzPsI809HVDHI5sP1xFf7Mgve6z3V2VEbsZGVdvzJX3ZIKCrKZAM605Funrh2
|
||||
AOV6PaMyLjMh+lLA8bGdns8d7oxXju0AQGPmGHzVJfLVQEsfWN4l6H/sOWNnGEUbFpOTgECtYshd
|
||||
ZdU2+i+nSXqex+nTpYuz5AhyPf5ygx57OgmBVsYCkywYHX6R1MkfTutgAouaOPmqoUXG8KlqB1He
|
||||
FZYniI/9PWJBvhTKiKIhJrpxXzntRX29pSS8D++0ml2PsgLAKKDpZReVy0Jn1jNL5n9DQABzNu9i
|
||||
ks6nYlmuwWl/aSmEMKESZboBG1lfO6Fqnsu9btBHJzNUefJnQfs18HIXp5NVclYT2GCRS4PCiuai
|
||||
SvZsEmXLyyu4pgEVcz8lbbl+X13uVj7S3B7uptGpffvlac8tYGBSaqzfpYk5DvTWTK6K1Is1/CPh
|
||||
EBtU0SBV1Jhsei7VdY6gxmdjHaQ5VUM09a/ijtbNtcYoyxJJ/qG1I8F/ITAY4K9TjK4T+RUpZcAs
|
||||
RJStZAbEcKrVCh2bdql4oNq8OSKfbjCEpJYLRIcMtDMllSg7IbPcWIOZv3CoIKB1r8HjqpbEKAAS
|
||||
knwrbMkvcKFOmZ0Z3scS2zLoySsRRh0eSyU1TGE0buM2joZqJu28QSiNUdGP+3JrXED/vhTzfGXT
|
||||
rdhNXyyfG/0B4aYd3bSNa1W7pSnu1UzFqE+g1vz6mqGM5vebjvtaMbGNH0WSQPwKlyLeDC7cYoyK
|
||||
laI339Zmbqg3xLBaEjRBEb77ibvWxivcl+wg9M4WO2HLGGwkA/q8gkyLYI6yCeEbrwiTeO+57JRn
|
||||
qqRFWjMUOxsyLm887vxIPhRdTYjKdq+KIhxQxaUu/bBDVh8nhfBhuSXt1SwFBUc85vcN6f+TU6v7
|
||||
5AGqwy0erSNDEovQ7wB4o5Lz7hCJ0G0a6Nr5xGm3g5pKWdFfcjyWs4aR+/p0Qy0zfxrF51qHYO7z
|
||||
RzKFWRwYlQ9fTIzVZrOq5ls6RqVGh+t0LVx+7T2IBrsy8488V92K5aKZpGf0CW/KSWykIeFFciTT
|
||||
wZxK7t9fxURwgt0sY1Xzq+N9Fusilo8m+W===
|
||||
HR+cPw17Pp99bbi65Fpo4GHHNTVckLIC0uv5XusuwmA1hfwcnxDN5MUGhkE9c9gDj17x6u7WPEWq
|
||||
y40CUsT0xcN2aw0awktGi9bMUrBzAvjx/evd78U51qMP8WCLsy+XwBVdfnQgG025JwASQAxjhWBr
|
||||
WN6/dJxGfWXgMlODfDKMD+6qdtoLKi6SQ3zQ03uI8XQblimvhWdZSK/JcS6xC7zuo9s20Ylohhyq
|
||||
BThiNh6mk9t5w9LQo99qpixpJL0h4h2VgjIdo670Nm87x69y5zh6C5EpDm1hRvT+IaoITokhu6MI
|
||||
ugjBKEp3Cdgn49bCFpl/IcIFxc2dCEyAh34nEo5b2v414YB/GNsZLFXs51NySVeemiXKa9qXjTGp
|
||||
xfKp2a9Efna7SHLlu+OQutiOrOuRo3MtDt+GYo9w85PrXUI+jWNZFvC76eeK2PxVq4LVPBFdp+tp
|
||||
Go1ExtLxcgHKMkMNrX9dCjbrQrAYigTPkWYc7toAJn5BDwI0MhM3PvMifPOgp/WiFHr2rOGXS5hD
|
||||
jqq3UqD5Qzc66ByJ+E38BNnYINEEiqrfHzxwK/HBzPeFMYZMFl3BhbM27fHVRp8DstoPIYUaPvww
|
||||
eaWuQwGk7zi87om/ZnFs/VDUeM3goEx32k7N7JR3xyO0Go6e0jwDaMxT4xyQwuBKtY2B9JDwAhu/
|
||||
5gX0NlNYpr+iAnqplQoyVVL3iPsbXMf8k9C1p8r7TD7WpL/NgdxmpJLJUJQJMMzwnKEfPz+k9tgu
|
||||
MKIw+GbzXEL20DoTGe0CJN53QU9Kkm0L18TV+CzExYEog9Vmzyj6TAifOb37Eq/pwZTzV9aQ+eXW
|
||||
5osxZeVx4VvdMH2zAgWKUL1wXwySB5qBHt3WJ9P5229aD6Ux4Uj2Y1DkjnTga23ZI0GORL4/emQv
|
||||
xGMjpLT4VCBHDgV5CRgunPkVBAZDBugDDGRptBuHsIGfTBYEDJCLDBCj4Nts+Xh7OEWEhbE/MKM/
|
||||
EbHcarzp2+9WnF8W+Ahhwp2U3V/Dkyx36pYCGHoKnOOpqN2OuhtQTbgHpHISCQNCpwlVcF+LU+8s
|
||||
wOeHnmLZGqhoaQ1h6U3WAOpbFxNrcNbN4mZcQXVudLfjEE+ou8UIHbvcfq1y2/jbz4gKb4tuoTHx
|
||||
/UwNBlYiWmDW48wiqtR+Z3SV5bUmvbxqybLpkscX0PoKGoGNuYPExDNlwA2y/UzmUQ2AXMcs+Gxt
|
||||
Klp1CPPm1h2pT02kQYX1fpZllzxqRPXz/7ip+jiQ3rLQnGxcQItXYi0R0kMZ2It7L/OgrgDCReaG
|
||||
Y35+f2T7rnwBTh6N2PKXx76XnubHv1zzcgMHryd6GJIH5ialVn5kYQba8Hi+LJjZA94pnvQ2um5p
|
||||
bwRHSDADjhmxAQ+B0quRi308vyKI4aK6RYm79R9TYrs3jmlMplg9LyEvcPiA6/tj5pfEsPcV/ad4
|
||||
JwdFMgcRa5KQ8VJ57zKPtmcfMY4HqK+cRDAvnQUL8QjCqFB60VixdaXWjUqtRljNvwq3uSXRy26k
|
||||
15E3ChM+fkbcVVn7Lwtfk0Y19/GhXi0W6E4nr8wEdvS17XnWD+X17USpY9uNxTRZvWozf8hS7OgL
|
||||
BA1vUQpeW87VrLLnFaOOBbboXy5Pc38PrcRbZxv1cILl5lq/Vc3iHdf2MCAi6Y3GQ1BMpQC9Kapq
|
||||
Twc5VgH24HEJH5QOdEnoLGmqDD1BFcW+DZvpfh7RWuU3SWxcsIgurI7VNnzjWAw93YutaNurBP1U
|
||||
RbTn3l2yhFEMLLClnNLQL87dkxEgpGAbvd3g2TQ88ZiAg/Y5p6oeN5KnFfkIG0Q+VUNHn+o0cZ2k
|
||||
DlHIlONvAHYs3U+FVS/XxbuNPEVZDS0+JLtDwyxPqIVFNLJvdZipeeWSw+BGpKxIjqwjdd8UavGB
|
||||
76AndaPKJp6glUqrXJze4ME9aigpaScfXorqDsuU7sDRecHbQRJP3FJDb9U+jEZrVbhq95q2B9se
|
||||
dpjgWzvpkNXbNmlKghP39rJPD1FygJCKRbzYyAd4O9GhbWSPfQ2rTAKNZ5cOTIhhfAYkHKYmshK8
|
||||
uftX9LINJfp+WTSm4VS9OFx5d0KcXJqa+oQ/vR0kCASb28eCJ4SXCMDEsA4qIQNNB1ZbinUu2Huh
|
||||
u4tcA+E1OT3Wemb5Ay2RPpYQ1nBkiLQJ/HF41PVYknU5utsgmVcMIpGJyKMjLw2PFqFS2ys9ysYI
|
||||
xiA4o2Ck4V9sDTOuRD66yqKX+NYuWNP8chwvezpveMBQftirAwKtMDfUEFpI/k+lKimtvL53PplU
|
||||
BmQp5FFIy0OW1XzTPM2DMr3940xyqebw/zIs80YPidjFlRMwvdL6oeRBxDQFv7NvmJk4kAbcQOam
|
||||
zRPyXxpZqv9DYBQXWOHKMXOk9XvXBxPWSlP4m4DkkX2uSS526c3MTbcjRGLX01QUNrpZNifdBxAf
|
||||
bZtEBr5pWiSP6aEfWmWMvj4vAGEXgvVJ0VbnEiRz6ar320gljxGaLGm=
|
||||
<?php
|
||||
class Session
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
// Ajout du 18/04/2026 pour sécuriser les sessions
|
||||
$redis = new Redis();
|
||||
$redis->connect('127.0.0.1', 6379);
|
||||
ini_set('session.save_handler', 'redis');
|
||||
ini_set('session.save_path', 'tcp://127.0.0.1:6379');
|
||||
// Fin sécurisation des sessions
|
||||
|
||||
session_start();
|
||||
|
||||
// Chargement du helper CSRF
|
||||
require_once 'Csrf.php';
|
||||
}
|
||||
public function detruire()
|
||||
{
|
||||
session_destroy();
|
||||
}
|
||||
public function setAttribut($nom, $valeur)
|
||||
{
|
||||
$_SESSION[$nom] = $valeur;
|
||||
}
|
||||
public function existeAttribut($nom)
|
||||
{
|
||||
return (isset($_SESSION[$nom]) && $_SESSION[$nom] != "");
|
||||
}
|
||||
public function getAttribut($nom)
|
||||
{
|
||||
if ($this->existeAttribut($nom)) {
|
||||
return $_SESSION[$nom];
|
||||
}
|
||||
else {
|
||||
throw new Exception("Attribut '$nom' absent de la session");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
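Review bot: The `$redis = new Redis(); $redis->connect('127.0.0.1', 6379);` pair in the constructor opens a TCP connection on every request and never uses it — the `ini_set('session.save_handler', 'redis')` / `session.save_path` lines are what actually route sessions to Redis, so those two lines are dead code with their own failure mode (an unreachable Redis throws here before session_start() is ever reached). The comment says the block was added "pour sécuriser les sessions", but changing the storage backend does not harden the session cookie at all; before `session_start()` add `ini_set('session.use_strict_mode', '1');` and `session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);` so the id cannot be read by script, is not sent over plain HTTP, and cannot be fixated by an attacker-chosen id. `detruire()` calls session_destroy() without clearing the in-memory array or expiring the cookie, so the browser keeps presenting the old id; `$_SESSION = []; session_destroy();` plus expiring the cookie via `setcookie(session_name(), '', ['expires' => time() - 3600])` is the usual shape. Since this hunk replaces an ionCube-encoded blob with plain source, I cannot confirm from the diff whether the previous version had any of this hardening.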
@ -8,6 +8,8 @@
|
|||
// echo session_save_path();
|
||||
// echo ini_get('session.gc_maxlifetime');
|
||||
// echo session_id();
|
||||
|
||||
var_dump($_SESSION['csrf_tokens']);
|
||||
|
||||
?>
|
||||
|
||||
|
|
|
|||
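Review bot: `var_dump($_SESSION['csrf_tokens']);` writes the live anti-CSRF tokens and their creation timestamps into the response body, and sitting next to three commented-out debug echos it reads as leftover debugging rather than intended output. The tokens are per-session so this is not directly usable cross-site, but any path that reflects session secrets into a page widens exposure (response caches, proxies, log capture, any XSS elsewhere) and should not ship; remove the line or gate it behind an explicit debug flag. If it must stay for now, use `var_dump($_SESSION['csrf_tokens'] ?? []);` so a session that has not yet generated a token does not emit an undefined-index warning. The surrounding script starts before this hunk, so I cannot see whether it is a public page or a developer-only probe.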