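500) { return false; } return $msg; }

/* ======================= ANTI PROMPT INJECTION ======================= */

/**
 * Coarse keyword heuristic for prompt-injection attempts.
 *
 * Matches a short deny-list of instruction-like words (French and English).
 * This is a low-assurance filter, not a security boundary: a deny-list can
 * only recognise phrasings it already knows about and it produces false
 * positives on legitimate text ("instructions", "system"). The reply that
 * comes back from the model must be treated as untrusted text by the caller
 * regardless of what this function returns.
 *
 * @param string $msg user message, expected to be UTF-8
 * @return bool true when the message looks like an injection attempt, or when
 *              the match could not be evaluated at all (malformed UTF-8 / PCRE
 *              error) — the filter fails closed instead of letting the text through
 */
function isPromptInjection(string $msg): bool
{
    // The "u" modifier makes /i fold accented letters (RÉVÈLE) and makes \b
    // letter-aware instead of byte-based; without it the accented alternatives
    // only match byte-exact. Under "u", malformed UTF-8 makes preg_match()
    // return false, which is handled below.
    $pattern = '/\b(ignore|oublie|révèle|prompt|instructions?|system|agis comme|tu es maintenant|roleplay|administrateur)\b/iu';

    $result = preg_match($pattern, $msg);
    if ($result === false) {
        // PCRE failure (typically invalid UTF-8 input): fail closed.
        return true;
    }

    return $result === 1;
}

/* ======================= API CALL ======================= */

/**
 * Sends one user turn to the DeepSeek chat-completion endpoint and returns
 * the assistant text.
 *
 * SYSTEM_PROMPT and API_KEY are constants defined elsewhere in this file.
 * The returned string is model output, i.e. untrusted: callers must not
 * render it as HTML.
 *
 * @param string $userMessage already-sanitised user message
 * @return string assistant reply, or a generic French error message when the
 *                call fails; failure details go to error_log(), never to the user
 */
function callDeepSeekAPI(string $userMessage): string
{
    $payload = [
        'model' => 'deepseek-chat',
        'messages' => [
            ['role' => 'system', 'content' => SYSTEM_PROMPT],
            ['role' => 'user', 'content' => $userMessage],
        ],
        'max_tokens' => 800,
        'temperature' => 0,
        'top_p' => 1,
    ];

    try {
        // Without error handling, invalid UTF-8 in $userMessage makes
        // json_encode() return false and an empty body would be posted.
        $body = json_encode($payload, JSON_THROW_ON_ERROR | JSON_INVALID_UTF8_SUBSTITUTE);
    } catch (JsonException $e) {
        error_log('callDeepSeekAPI: payload encoding failed: ' . $e->getMessage());
        return 'Erreur du service.';
    }

    $ch = curl_init('https://api.deepseek.com/v1/chat/completions');
    if ($ch === false) {
        error_log('callDeepSeekAPI: curl_init failed');
        return 'Erreur du service.';
    }

    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $body,
        CURLOPT_HTTPHEADER => [
            'Content-Type: application/json',
            'Authorization: Bearer ' . API_KEY,
        ],
        CURLOPT_TIMEOUT => 15,
        // TLS peer/host verification is deliberately left at curl's default (on).
    ]);

    $response = curl_exec($ch);
    $http = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $curlError = curl_error($ch);
    curl_close($ch);

    if ($http !== 200 || !is_string($response) || $response === '') {
        // Log the failure server-side only; the user gets a generic message.
        // Never log the request body or the Authorization header here.
        error_log(sprintf('callDeepSeekAPI: http=%d curl="%s"', $http, $curlError));
        return 'Erreur du service.';
    }

    $json = json_decode($response, true);
    if (!is_array($json)) {
        return 'Erreur de réponse.';
    }

    $content = $json['choices'][0]['message']['content'] ?? null;

    return is_string($content) ? $content : 'Erreur de réponse.';
}

/* ======================= AJAX HANDLER ======================= */

// Handles the chat POST (AJAX only). Every branch ends with exit so the HTML
// page below is never emitted for API calls. isAjax() and sanitizeMessage()
// are defined earlier in this file; the session is assumed to be started
// and nothing is assumed to have been output yet (header() below).
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['message'])) {
    // JSON endpoint: declare the content type so a browser never sniffs the
    // body as HTML (the body carries model output).
    header('Content-Type: application/json; charset=utf-8');

    if (!isAjax()) {
        http_response_code(403);
        echo json_encode(['error' => 'Requête interdite']);
        exit;
    }

    // Constant-time comparison. Both sides must be non-empty strings: a
    // "csrf[]" form field would otherwise reach hash_equals() as an array.
    $csrfPosted = $_POST['csrf'] ?? null;
    $csrfSession = $_SESSION['csrf'] ?? null;
    if (
        !is_string($csrfPosted)
        || !is_string($csrfSession)
        || $csrfSession === ''
        || !hash_equals($csrfSession, $csrfPosted)
    ) {
        http_response_code(403);
        echo json_encode(['error' => 'CSRF invalide']);
        exit;
    }

    // One message per session. The counter lives in the session, so this is
    // a per-visitor quota rather than a global rate limit.
    if (($_SESSION['message_count'] ?? 0) >= 1) {
        echo json_encode(['error' => 'LIMIT_REACHED']);
        exit;
    }

    // "message[]=..." arrives as an array; reject anything but a string
    // before it reaches the string-typed sanitiser.
    $message = is_string($_POST['message']) ? sanitizeMessage($_POST['message']) : false;
    if ($message === false) {
        echo json_encode(['error' => 'Message invalide']);
        exit;
    }

    // Heuristic prompt-injection filter; see isPromptInjection() for its limits.
    if (isPromptInjection($message)) {
        echo json_encode(['response' => 'Demande à Bouchra.']);
        exit;
    }

    // The counter is incremented before the upstream call, so a failed call
    // still consumes the quota.
    $_SESSION['message_count'] = ($_SESSION['message_count'] ?? 0) + 1;

    $reply = callDeepSeekAPI($message);

    // $reply is raw model output: the client must insert it as text, never as HTML.
    echo json_encode(['response' => $reply]);
    exit;
}
?> Assistant IA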
Assistant IA
Bonjour, comment puis‑je vous aider ?
Pour plus, prends l'abonnement en demandant à Bouchra