<?php
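// The session caches the raw allowlist text between requests.
// NOTE(review): a cached copy stays in use for the life of the session, so edits
// to the allowlist file do not apply to existing sessions — confirm this is intended.
session_start();

// Optional allowlist file: comma-separated host names.
$listeDomaines = '../../domaines-autorises.txt';

if (isset($_SESSION['domainesAutorises']) || file_exists($listeDomaines)) {
    // An allowlist is configured (cached in the session or present on disk).
    // Start from an empty list so that every failure path below denies the request.
    $domainesAutorises = '';
    if (isset($_SESSION['domainesAutorises']) && $_SESSION['domainesAutorises'] !== '') {
        $domainesAutorises = $_SESSION['domainesAutorises'];
    } elseif (file_exists($listeDomaines)) {
        $contenu = file_get_contents($listeDomaines);
        // Cache only a successful read; a failed read must not be stored as the allowlist.
        if ($contenu !== false) {
            $domainesAutorises = $contenu;
            $_SESSION['domainesAutorises'] = $domainesAutorises;
        }
    }

    // Trim each entry (a trailing newline in the file would otherwise never match)
    // and drop empty entries so an empty host name can never be allowed.
    $domainesAutorises = array_filter(
        array_map('trim', explode(',', (string) $domainesAutorises)),
        'strlen'
    );

    // NOTE(review): SERVER_NAME is the host name this script is served under, not the
    // caller's Origin request header, and it carries no scheme, whereas browsers compare
    // Access-Control-Allow-Origin against scheme://host[:port]. Confirm which value the
    // allowlist is meant to be checked against.
    $origine = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';

    if (in_array($origine, $domainesAutorises, true)) {
        // Double quotes are required here: with single quotes the literal text
        // "$origine" was sent instead of the matched host name.
        header("Access-Control-Allow-Origin: {$origine}");
        header('Access-Control-Allow-Methods: POST');
        header('Access-Control-Max-Age: 1000');
        header('Access-Control-Allow-Headers: Content-Type, X-Requested-With');
    } else {
        // Host not in the allowlist: send the client to the site root and stop.
        header('Location: /');
        exit();
    }
} else {
    // No allowlist configured: any origin is accepted.
    // NOTE(review): this default is fail-open; deployments that need to restrict
    // cross-origin callers must provide the allowlist file.
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: POST');
    header('Access-Control-Max-Age: 1000');
    header('Access-Control-Allow-Headers: Content-Type, X-Requested-With');
}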
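// Pad creation: on a POST carrying a non-empty "creation" field, reply with the URL
// of a new pad on the configured Etherpad server; any other request is redirected.
if (!empty($_POST['creation'])) {
    $cheminConfig = '../../config-digidoc.json';

    // Check readability first so a missing file does not raise a PHP warning
    // that could expose the path in the response.
    $config = is_readable($cheminConfig) ? file_get_contents($cheminConfig) : false;
    $json = ($config !== false) ? json_decode($config, true) : null;

    // Unreadable file, invalid JSON or missing key: fail with a 500 instead of
    // echoing a malformed URL built from null.
    if (!is_array($json) || !isset($json['ETHERPAD_SERVER']) || !is_string($json['ETHERPAD_SERVER'])) {
        http_response_code(500);
        exit();
    }

    $etherpad_server = $json['ETHERPAD_SERVER'];

    // NOTE(review): uniqid() is derived from the current time and is predictable.
    // If knowing the pad URL is what grants access to the pad, generate the name
    // with random_bytes() instead — confirm how pads are protected.
    $id = uniqid('', false);

    echo $etherpad_server . '/p/' . $id;
    exit();
} else {
    header('Location: /');
    // Stop here so nothing added later runs after the redirect has been queued.
    exit();
}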
?>