From bc24cb0e862c66475ac04a4c5fab3eac48bcf4a1 Mon Sep 17 00:00:00 2001
From: polo
Date: Sun, 29 Mar 2026 21:19:42 +0200
Subject: =?UTF-8?q?contr=C3=B4les=20dans=20INSTALLATION=20n=C3=A9c=C3=A9ss?= =?UTF-8?q?itent=20root=20(meilleures=20performances)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 public/index.php | 9 +++++----
 src/service/session.php | 20 ++++++++++++--------
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/public/index.php b/public/index.php
index a12bc47..db8808e 100644
--- a/public/index.php
+++ b/public/index.php
@@ -37,11 +37,15 @@ URL::setHost($_SERVER['HTTP_HOST'] . Config::$index_path);
 // $entityManager
 require '../src/model/doctrine-bootstrap.php'; // isDevMode est sur "true", DSN à adapter
+// session
+require('../src/service/session.php');
+startSession($entityManager);
+
 // mode de fonctionnement
 AppMode::load($entityManager);
 // tests de bon fonctionnement
-if(AppMode::is('maintenance')){
+if(IS_ADMIN && AppMode::is('maintenance')){
 Installation::phpDependancies();
 Installation::checkFilesAndFoldersRights();
@@ -51,9 +55,6 @@ if(AppMode::is('maintenance')){
 $request = Request::createFromGlobals();
-// session
-require('../src/service/session.php');
-
 // en mode maintenance laisser la possibilité de se logger, bloquer le reste du site aux visiteurs
 if(AppMode::is('maintenance') && !IS_ADMIN && !($request->query->has('page') && $request->query->get('page') === 'connection')
diff --git a/src/service/session.php b/src/service/session.php
index 57f2143..24023e9 100644
--- a/src/service/session.php
+++ b/src/service/session.php
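Review bot: In public/index.php (first hunk), `if(IS_ADMIN && AppMode::is('maintenance'))` makes `Installation::phpDependancies()` and `Installation::checkFilesAndFoldersRights()` reachable only after a successful login, while `startSession($entityManager)` and the `page=connection` request that maintenance mode still permits now run before any of those checks. If the checks cover something the session or login path itself needs (a PHP extension, a writable directory), a broken install can no longer report it, because nobody can become admin to trigger them; what the two methods verify is not visible in this diff, so this needs confirming. The guard also reads `IS_ADMIN` as a bare constant, which throws an Error in PHP 8 if `validateSession()` ever returns without defining it. I would record the ordering dependency above the guard, e.g. `// IS_ADMIN is defined by startSession(); Installation checks run for a logged-in admin only`, and keep a cheap unauthenticated check for anything login depends on. The `if` block continues past the end of the hunk.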
@@ -4,17 +4,21 @@
 // à voir si c'est mieux avec:
 //use Symfony\Component\HttpFoundation\Session\Session;
+// note: session_regenerate_id(true) se trouve dans UserController::connect
-ini_set('session.cookie_samesite', 'Strict');
-ini_set('session.cookie_httponly', 'On');
-ini_set('session.use_strict_mode', 'On');
-ini_set('session.cookie_secure', 'On');
-session_start();
-validateSession($entityManager);
+use Doctrine\ORM\EntityManager;
-// note: session_regenerate_id(true) se trouve dans UserController::connect
+function startSession(EntityManager $entityManager): void
+{
+ ini_set('session.cookie_samesite', 'Strict');
+ ini_set('session.cookie_httponly', 'On');
+ ini_set('session.use_strict_mode', 'On');
+ ini_set('session.cookie_secure', 'On');
+ session_start();
+ validateSession($entityManager);
+}
-function validateSession($entityManager): void
+function validateSession(EntityManager $entityManager): void
 {
 if(defined('IS_ADMIN')){
 return;
-- 
cgit v1.2.3
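Review bot: `startSession()` discards the results of the four `ini_set()` calls and of `session_start()`, so if a directive cannot be applied (`ini_set()` returns false, for example once headers are sent or a session is already active) the session runs without the intended SameSite, HttpOnly, Secure or strict-mode setting and nothing reports it. Passing the options to `session_start()` and failing closed would tie the cookie flags to the session that is actually started: `if(!session_start(['cookie_samesite' => 'Strict', 'cookie_httponly' => true, 'use_strict_mode' => true, 'cookie_secure' => true])){ throw new RuntimeException('session_start failed'); }`. A short docblock on `startSession()` stating that it must run before any output and before `IS_ADMIN` is read would also help, since public/index.php now relies on that order. `validateSession()` continues past the end of the hunk, so whether it always defines `IS_ADMIN` cannot be checked here.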