api_secure
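Extraction du token d'authentification depuis l'en-tête Authorization (schéma Bearer), avec repli sur $_POST['token'] lorsque l'en-tête est absent ou vide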
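/**
 * Reads the client's authentication token and stores it in $this->client_token.
 *
 * The token is taken from the Authorization request header; when that header
 * is absent or empty, the method falls back to the "token" field of the POST
 * body. If neither source yields a string, the stored value is null.
 *
 * Everything stored here is attacker-controlled input. In the visible code it
 * is later compared against $_SESSION['token'] in secure_connexion().
 * NOTE(review): that comparison uses ===; hash_equals() would make it
 * constant-time.
 *
 * @param array $header Request headers keyed by header name (as returned by
 *                      apache_request_headers() in secure_connexion()).
 *
 * @return void
 */
function extract_token($header){
    $auth = $header['Authorization'] ?? null;
    // NOTE(review): the lookup is case-sensitive; confirm the SAPI never
    // delivers the header as "authorization" (e.g. behind an HTTP/2 proxy).

    if (!is_string($auth) || $auth === '') {
        // Fallback to the POST body. `??` avoids the undefined-index warning
        // (which could leak into the JSON response) when the field is missing,
        // and non-string values such as token[]=x are rejected outright.
        $posted = $_POST['token'] ?? null;
        $this->client_token = is_string($posted) ? $posted : null;
        return;
    }

    // Strip the scheme only where it is a prefix. The previous str_replace()
    // removed every "Bearer " occurrence, so distinct header values could
    // collapse to the same token.
    $scheme = 'Bearer ';
    if (strncmp($auth, $scheme, strlen($scheme)) === 0) {
        $auth = substr($auth, strlen($scheme));
    }

    $this->client_token = $auth;
}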
⚙️ Parameters
↩️ Returns
(void)
Extraction de l'id de session PHP depuis l'en-tête Cookie, avec repli sur $_POST['PHPSESSID'] lorsqu'aucun cookie n'est transmis
function extract_session_id($header) {
$cookies = isset($header['Cookie']) ? explode(';', $header['Cookie']) : [];
if (empty($cookies)) {
$this->client_session = $_POST['PHPSESSID'];
}else {
foreach ($cookies as $cookie) {
$cookie = trim($cookie);
if (strpos($cookie, "PHPSESSID") === 0) {
$this->client_session = str_replace("PHPSESSID=", "", $cookie);
}
// ... (truncated)
↩️ Returns
(void)
🔧 secure_connexion
Validation de session par comparaison de token et de session_id
function secure_connexion()
{
session_start();
header('Content-Type: application/json');
$header = apache_request_headers();
$this->extract_token($header);
$this->extract_session_id($header);
$secure =(
isset($_SESSION['token']) && isset($_SESSION['session_id'])
&&
$_SESSION['token'] === $this->client_token
// ... (truncated)
⚙️ Parameters
- $token (string) Le jeton à valider.
- $session_id (string) L'id de session à valider.
↩️ Returns
(array) contenant les clefs statut et message.