petites améliorations au système de mot de passe

author: polo <ordipolo@gmx.fr> 2025-06-24 23:57:59 +0200
committer: polo <ordipolo@gmx.fr> 2025-06-24 23:57:59 +0200
commit: 7a13d53e43c7db7fe39474208ffa54ba2906d308 (patch)
tree: 5bb9af2935c0e7c753c5eace6d9e4538c739a383 /public/index.php
parent: 41adf94ebf868232aa43fe9b8b80029896da9da7 (diff)
download: cms-7a13d53e43c7db7fe39474208ffa54ba2906d308.tar.gz
cms-7a13d53e43c7db7fe39474208ffa54ba2906d308.tar.bz2
cms-7a13d53e43c7db7fe39474208ffa54ba2906d308.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/public/index.php b/public/index.php
index d6ca8d4..56af032 100644
--- a/public/index.php
+++ b/public/index.php
@@ -31,6 +31,10 @@ ini_set('session.use_strict_mode', 'On');
 ini_set('session.cookie_secure', 'On');
 session_start();
 $_SESSION['admin'] = !isset($_SESSION['admin']) ? false : $_SESSION['admin']; // intialisation sur faux
+if($_SESSION['admin'] === false || empty($_SESSION['user'])){ // OUT !!
+    $_SESSION['user'] = '';
+    $_SESSION['admin'] = false;
+}
 // login, mot de passe et captcha
 require '../src/controller/password.php';
@@ -49,8 +53,8 @@ require '../src/controller/post.php';
 $id = '';
 if(!empty($_GET['id']))
 {
-    //$id = (int)$_GET['id']; // (int) = moyen basique d'éviter les injections
+    $id = (int)$_GET['id']; // (int) évite les injections, pas parfait d'après chatgpt
-    $id = Security::secureString($_GET['id']);
+    //$id = Security::quelqueChose($_GET['id']);
 }
 if(isset($_GET['action']) && $_GET['action'] === 'deconnexion')
author	polo <ordipolo@gmx.fr>	2025-06-24 23:57:59 +0200
committer	polo <ordipolo@gmx.fr>	2025-06-24 23:57:59 +0200
commit	7a13d53e43c7db7fe39474208ffa54ba2906d308 (patch)
tree	5bb9af2935c0e7c753c5eace6d9e4538c739a383 /public/index.php
parent	41adf94ebf868232aa43fe9b8b80029896da9da7 (diff)
download	cms-7a13d53e43c7db7fe39474208ffa54ba2906d308.tar.gz cms-7a13d53e43c7db7fe39474208ffa54ba2906d308.tar.bz2 cms-7a13d53e43c7db7fe39474208ffa54ba2906d308.zip