<?php

require_once "../env.inc.php";
require_once "../conf.inc.php";
require_once DIR_PHP_LAYOUTS . "header.php";

secureSession::start();
require_once "../access.inc.php";
require_once DIR_PHP_LAYOUTS . "events.session.php";

// Validation CSRF pour les soumissions POST
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validation via header AJAX
    if (!csrf::validateHeader('events-ajax', 'X-CSRF-Token')) {
        error_log("CSRF validation failed for events submit from IP: " . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));

        if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest') {
            http_response_code(403);
            header('Content-Type: application/json');
            echo json_encode([
                'success' => false,
                'error' => 'csrf_failed',
                'message' => 'Token de sécurité invalide. Veuillez recharger la page.'
            ]);
            exit();
        } else {
            header('Location: /');
            exit();
        }
    }
}

get::submit();