From 5b85933ab78fa96600af095b5682f0341a0372b7 Mon Sep 17 00:00:00 2001
From: polo
Date: Wed, 21 May 2025 22:17:12 +0200
Subject: =?UTF-8?q?en=20fait=20=C3=A7a=20va?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/controller/password.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/controller/password.php b/src/controller/password.php
index 074ffb1..4748d9d 100644
--- a/src/controller/password.php
+++ b/src/controller/password.php
@@ -61,7 +61,6 @@ function createPassword(EntityManager $entityManager)
 }
 else
 {
- // -> caractères HTML dangereux supprimés
 $login = Security::secureString($_POST['login']);
 $password = Security::secureString($_POST['password']);
@@ -85,6 +84,8 @@ function createPassword(EntityManager $entityManager)
 else
 {
 $error = 'bad_password';
+
+ // compteur dans la session et blocage de compte
 }
 }
@@ -154,14 +155,15 @@ function connect(LoginBuilder $builder, EntityManager $entityManager)
 }
 else // c'est OK
 {
- $login = $_POST['login'];
- $password = htmlspecialchars($_POST['password']);
+ $login = Security::secureString($_POST['login']);
+ $password = Security::secureString($_POST['password']);
 $user = getUser($login, $entityManager);
 // enregistrement et redirection
 if(!empty($user) && $login === $user->getLogin() && password_verify($password, $user->getPassword()))
 {
 session_start();
+ session_regenerate_id(true); // protection fixation de session, si l'attaquant a créé un cookie de session (attaque XSS), il est remplacé
 $_SESSION['user'] = $login;
 $_SESSION['admin'] = true;
 $link = new URL(isset($_GET['from']) ? ['page' => $_GET['from']] : []);
-- 
cgit v1.2.3
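Review bot: The comment added after `$error = 'bad_password';` describes a failed-attempt counter and account lockout that the hunk does not implement, so a later reader can take it for existing behaviour; mark it as an explicit task, e.g. `// TODO: compteur d'échecs et blocage de compte (non implémenté)`. If it is implemented as described, a counter kept only in `$_SESSION` is reset by simply starting a fresh session, so a lockout meant to resist repeated guesses has to be tracked server-side against the account rather than in the client's own session. createPassword continues outside the hunk.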
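Review bot: The new `$password = Security::secureString($_POST['password']);` transforms the password before `password_verify`, which only works because createPassword applies the same transform before hashing, and — if secureString strips or escapes characters, as the comment removed in the first hunk suggests — it silently weakens every password containing those characters. password_verify needs no sanitising of its input, so the raw value should be passed on both sides, `$password = $_POST['password'];` here and the matching line in createPassword, bearing in mind that hashes already stored for passwords the transform altered would then stop verifying. `session_regenerate_id(true)` immediately after `session_start()` is the right place for fixation protection, but its comment ties the attack to XSS; a session id can be planted without any script injection, so `// anti-fixation : nouvel identifiant de session à chaque authentification` describes it more accurately. The unchanged `$_SESSION['admin'] = true;` grants the flag to every successful login regardless of which user it is; if that is not intended it deserves a follow-up. connect's body continues outside the hunk.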