Improve inventory handling and cookie management:

- Replace old cookie logic with `Set_Cookie()` for enhanced security (SameSite, Secure, HttpOnly). - Add dynamic AIX/Linux filtering on `/X/Inventory.php` with checkbox-driven UI and adjusted SQL queries. - Expand `/X/Inventory.php` table with additional columns (`BES`, `FI`) and enhance data validation/styling. - Add `decypher()` function in `Z_data_linux.php` to support OpenSSL-based file decryption with error handling.
2025-10-14 11:08:42 +02:00
parent dcfe098f35
commit ea46ba5c8f
8 changed files with 569 additions and 241 deletions
--- a/include/all.php
+++ b/include/all.php
@@ -259,27 +259,78 @@
    return $pdo;
  }

+  //Cookie//
+  function Set_Cookie() {
+    // --- paramètres ---
+    $cookieName   = 'UserInfo';
+    $cookieLife   = 86400 * 365;           // 1 an
+    $cookieDomain = '.appliarmony.net';
+    $secureFlag   = true;
+    $httpOnly     = true;
+    $sameSite     = 'Lax';

+    // --- helpers ---
+    $now = date('Y-m-d H:i:s');

-  //Set Cookies
-  $secretKey = 'impossibleatrouvercommeca';
-  $remoteUser = $_SERVER['REMOTE_USER'] ?? null;
-  if ($remoteUser) {
-    $expiration = time() + 3600; // Token is valid for 1 hour
-    $payload = base64_encode($remoteUser . '|' . $expiration); // Combine user and expiration
-    $signature = hash_hmac('sha256', $payload, $secretKey);
-    $cookieValue = $payload . '.' . $signature;
+    // IP client: XFF (première IP) -> fallback REMOTE_ADDR
+    $ip = '';
+    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+      $parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+      $cand  = trim($parts[0]);
+      if (filter_var($cand, FILTER_VALIDATE_IP)) $ip = $cand;
+    }
+    if (!$ip && !empty($_SERVER['REMOTE_ADDR'])) $ip = $_SERVER['REMOTE_ADDR'];

-    // Set the cookie
-    setcookie('AuthToken', $cookieValue, [
-      'expires' => time() + 3600,
-      'path' => '/',
-      'domain' => '.appliarmony.net',
-      'secure' => false, // true quand HTTPS
-      'httponly' => true,
-      'samesite' => 'Lax'
-    ]);
+    // User Windows (SSO)
+    $user = $_SERVER['REMOTE_USER'] ?? null;
+    $hasUser = !empty($user);
+
+    // --- lecture éventuelle du cookie existant ---
+    $cookie = [];
+    if (!empty($_COOKIE[$cookieName])) {
+      $decoded = json_decode($_COOKIE[$cookieName], true);
+      if (is_array($decoded)) $cookie = $decoded;
+    }
+
+    // --- écriture/MAJ SEULEMENT si on a un REMOTE_USER ---
+    if ($hasUser) {
+      if (empty($cookie) || ($cookie['user'] ?? null) !== $user) {
+        // Nouveau cookie ou changement d’utilisateur → reset
+        $cookie = [
+          'user'    => $user,
+          'ip'      => $ip,
+          'created' => $now,
+          'last'    => $now
+        ];
+      } else {
+        // Même user → on rafraîchit last + IP
+        $cookie['ip']   = $ip ?: ($cookie['ip'] ?? '');
+        $cookie['last'] = $now;
+      }
+
+      // Écrire le cookie (évite d’écrire si headers déjà envoyés)
+      if (!headers_sent()) {
+        setcookie($cookieName, json_encode($cookie), [
+          'expires'  => time() + $cookieLife,
+          'path'     => '/',
+          'domain'   => $cookieDomain,
+          'secure'   => $secureFlag,
+          'httponly' => $httpOnly,
+          'samesite' => $sameSite
+        ]);
+      }
+    }
+
+    // --- exposer des constantes pour le reste du code ---
+    // Priorité: si on a REMOTE_USER on l’utilise; sinon on retombe sur le cookie existant; sinon vide/anonyme.
+    $currentUser = $hasUser ? $user : ($cookie['user'] ?? 'Anonymous');
+    $currentIp = $hasUser ? $ip : ($cookie['ip'] ?? ($_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? ''));
+
+    if (!defined('CURRENT_USER')) define('CURRENT_USER', $currentUser);
+    if (!defined('CURRENT_IP'))   define('CURRENT_IP',   $currentIp);
+    if (!defined('COOKIE_INFO'))  define('COOKIE_INFO',  $cookie);
  }
+  Set_Cookie();

 ?>