Sécurité et qualité : headers HTTP, permissions .env, lint PHPStan + PHP-CS-Fixer, réorganisation dossiers, scripts de déploiement

2026-05-08 13:18:00 +02:00
parent 700329f156
commit 70304d3b31
44 changed files with 776 additions and 670 deletions
@@ -0,0 +1,10 @@
+<div class="container">
+  <footer class="py-3 my-4">
+    <ul class="nav justify-content-center border-bottom pb-3 mb-3">
+      <li class="nav-item"><a href="https://alpinux.org/mentions-legales" class="nav-link px-2 text-body-secondary">Mentions légales</a></li>
+      <li class="nav-item"><a href="/index/a-propos" class="nav-link px-2 text-body-secondary">A propos</a></li>
+    </ul>
+    <p class="text-center text-body-secondary">Association 1901 - <a href="https://alpinux.org/">Alpinux, le LUG de Savoie</a></p>
+  </footer>
+</div>
+
@@ -0,0 +1,49 @@
+
+
+  <div class="container">
+    <header class="d-flex flex-wrap align-items-center justify-content-center justify-content-md-between py-3 mb-4 border-bottom">
+     <a href="/" class="d-flex align-items-center text-body-emphasis text-decoration-none">
+       <img width="32" src="/img/logo-mail.svg" class="bi me-2" >
+       <span class="fs-4">Mug ALPINUX</span>
+     </a>
+
+      <ul class="nav col-12 col-md-auto mb-2 justify-content-center mb-md-0">
+        
+      </ul>
+      
+      
+<?php
+    // Créer une instance de MessageManager avec le fichier de base de données SQLite
+    $messageManager = new ace\MessageManager('database.db');
+
+if ($messageManager->sessionAlready()) {
+    ?>
+
+        <div class="dropdown text-end">
+          <a href="#" class="d-block link-dark text-decoration-none dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false">
+            <?php echo $messageManager->getUsername($_SESSION['user_id']); ?>
+          </a>
+          <ul class="dropdown-menu text-small">
+            <li><a class="dropdown-item" href="/user/parametres">Paramètres <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-sliders" viewBox="0 0 16 16">
+  <path fill-rule="evenodd" d="M11.5 2a1.5 1.5 0 1 0 0 3 1.5 1.5 0 0 0 0-3zM9.05 3a2.5 2.5 0 0 1 4.9 0H16v1h-2.05a2.5 2.5 0 0 1-4.9 0H0V3h9.05zM4.5 7a1.5 1.5 0 1 0 0 3 1.5 1.5 0 0 0 0-3zM2.05 8a2.5 2.5 0 0 1 4.9 0H16v1H6.95a2.5 2.5 0 0 1-4.9 0H0V8h2.05zm9.45 4a1.5 1.5 0 1 0 0 3 1.5 1.5 0 0 0 0-3zm-2.45 1a2.5 2.5 0 0 1 4.9 0H16v1h-2.05a2.5 2.5 0 0 1-4.9 0H0v-1h9.05z"/>
+</svg></a></li>
+            <li><a class="dropdown-item" href="/user/profil">Profil <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-person-vcard" viewBox="0 0 16 16">
+          <path d="M5 8a2 2 0 1 0 0-4 2 2 0 0 0 0 4Zm4-2.5a.5.5 0 0 1 .5-.5h4a.5.5 0 0 1 0 1h-4a.5.5 0 0 1-.5-.5ZM9 8a.5.5 0 0 1 .5-.5h4a.5.5 0 0 1 0 1h-4A.5.5 0 0 1 9 8Zm1 2.5a.5.5 0 0 1 .5-.5h3a.5.5 0 0 1 0 1h-3a.5.5 0 0 1-.5-.5Z"/>
+          <path d="M2 2a2 2 0 0 0-2 2v8a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V4a2 2 0 0 0-2-2H2ZM1 4a1 1 0 0 1 1-1h12a1 1 0 0 1 1 1v8a1 1 0 0 1-1 1H8.96c.026-.163.04-.33.04-.5C9 10.567 7.21 9 5 9c-2.086 0-3.8 1.398-3.984 3.181A1.006 1.006 0 0 1 1 12V4Z"/>
+        </svg></a></li>
+            <li><hr class="dropdown-divider"></li>
+            <li><a class="dropdown-item" href="/user/disconnect">Déconnexion <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-box-arrow-right" viewBox="0 0 16 16">
+  <path fill-rule="evenodd" d="M10 12.5a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-9a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v2a.5.5 0 0 0 1 0v-2A1.5 1.5 0 0 0 9.5 2h-8A1.5 1.5 0 0 0 0 3.5v9A1.5 1.5 0 0 0 1.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-2a.5.5 0 0 0-1 0v2z"/>
+  <path fill-rule="evenodd" d="M15.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 0 0-.708.708L14.293 7.5H5.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
+</svg></a></li>
+          </ul>
+        </div>
+
+
+<?php
+}
+?>
+    </header>
+  </div>
+
+
@@ -22,9 +22,9 @@ ob_start();
                <div class="card-text text-body">
                    <?php
                    $html = $Parsedown->text($post['content']);
-                    $preview = mb_strimwidth(strip_tags($html), 0, 300, '…');
-                    echo '<p>' . $preview . '</p>';
-                    ?>
+    $preview = mb_strimwidth(strip_tags($html), 0, 300, '…');
+    echo '<p>' . $preview . '</p>';
+    ?>
                </div>

                <p class="text-muted small mt-auto mb-2">📅 Publié le <?= date('d/m/Y', strtotime($post['created_at'])) ?></p>
@@ -42,5 +42,5 @@ ob_start();

 <?php
 $content = ob_get_clean();
-$title = "Liste des posts";
+$title = 'Liste des posts';
 include __DIR__ . '/layout.php';
@@ -36,8 +36,8 @@ $files = $fileManager->getFilesForPost($post['id']);
                                        <div class="card-body">
                                            <?php
                                            $fileUrl = $publicDir . '/' . $file['file_path'];
-                                            $type = $file['file_type'];
-                                            ?>
+                      $type = $file['file_type'];
+                      ?>

                                            <?php if ($type === 'image'): ?>
                                                          <img src="<?= $fileUrl ?>" class="img-fluid" alt="<?= htmlspecialchars($file['original_name']) ?>">
@@ -67,4 +67,4 @@ $files = $fileManager->getFilesForPost($post['id']);
 <?php
 $content = ob_get_clean();
 $title = htmlspecialchars($post['title']);
-include __DIR__ . '/layout.php';
+include __DIR__ . '/layout.php';