Check for admin
This commit is contained in:
Hickmeister
@@ -1,4 +1,6 @@
|
||||
<?php include '../src/session_check.php'; ?>
|
||||
<?php include '../src/session_check.php';
|
||||
checkUserRole(['admin']);
|
||||
?>
|
||||
|
||||
<html lang="en" data-bs-theme="light">
|
||||
<head>
|
||||
|
||||
@@ -5,6 +5,7 @@ require_once '../envLoader.php';
|
||||
loadEnv(__DIR__ . '/../../.env');
|
||||
|
||||
include '../src/session_check.php';
|
||||
checkUserRole(['admin']);
|
||||
|
||||
use Goutte\Client;
|
||||
|
||||
|
||||
@@ -75,5 +75,28 @@
|
||||
</ul>
|
||||
</div>
|
||||
</nav>
|
||||
<?php if (isset($_SESSION['errorMessage'])): ?>
|
||||
<div id="sessionAlert" class="alert alert-danger alert-dismissible fade show" role="alert">
|
||||
<?php echo $_SESSION['errorMessage']; ?>
|
||||
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
|
||||
</div>
|
||||
<script>
|
||||
document.addEventListener('DOMContentLoaded', function () {
|
||||
setTimeout(function () {
|
||||
let alertElement = document.getElementById('sessionAlert');
|
||||
if (alertElement) {
|
||||
alertElement.classList.remove('show');
|
||||
alertElement.classList.add('fade');
|
||||
alertElement.addEventListener('transitionend', function () {
|
||||
alertElement.remove();
|
||||
});
|
||||
}
|
||||
}, 4000);
|
||||
|
||||
// Clear the session variable after rendering
|
||||
<?php unset($_SESSION['errorMessage']); ?>
|
||||
});
|
||||
</script>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
</header>
|
||||
@@ -1,6 +1,38 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
// Configuration for session timeout (in seconds)
|
||||
define('SESSION_TIMEOUT', 1800); // 30 minutes
|
||||
|
||||
// Check if the user is logged in
|
||||
if (!isset($_SESSION['userId'])) {
|
||||
redirectToLogin("You must be logged in to access this page.");
|
||||
}
|
||||
|
||||
// Session Timeout Check
|
||||
if (isset($_SESSION['lastActivity']) && (time() - $_SESSION['lastActivity']) > SESSION_TIMEOUT) {
|
||||
// Session expired
|
||||
session_unset();
|
||||
session_destroy();
|
||||
redirectToLogin("Session expired. Please log in again.");
|
||||
} else {
|
||||
$_SESSION['lastActivity'] = time(); // Update activity timestamp
|
||||
}
|
||||
|
||||
// Function to check user roles
|
||||
function checkUserRole($allowedRoles = []) {
|
||||
if (!isset($_SESSION['role']) || !in_array($_SESSION['role'], $allowedRoles)) {
|
||||
$_SESSION['errorMessage'] = "Access denied: You do not have the required permissions.";
|
||||
header("Location: dashboard.php"); // Redirect to dashboard or another page
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
// Function to redirect to login with optional message
|
||||
function redirectToLogin($message = '') {
|
||||
if (!empty($message)) {
|
||||
$_SESSION['errorMessage'] = $message;
|
||||
}
|
||||
header("Location: login.php");
|
||||
exit();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user