From bcb7d7ea7d9fff9e457833f78c9ea6e8e267ee69 Mon Sep 17 00:00:00 2001 From: Hickmeister <35031453+Hickmeister@users.noreply.github.com> Date: Sun, 5 Jan 2025 13:24:10 +0000 Subject: [PATCH] Check for admin --- public/addFilament.php | 4 +++- src/filamentTracker/addFilament.php | 1 + src/header.php | 23 +++++++++++++++++++++ src/session_check.php | 32 +++++++++++++++++++++++++++++ 4 files changed, 59 insertions(+), 1 deletion(-) diff --git a/public/addFilament.php b/public/addFilament.php index 99199a6..a8b3e72 100644 --- a/public/addFilament.php +++ b/public/addFilament.php @@ -1,4 +1,6 @@ - + diff --git a/src/filamentTracker/addFilament.php b/src/filamentTracker/addFilament.php index 0993f63..f1d8197 100644 --- a/src/filamentTracker/addFilament.php +++ b/src/filamentTracker/addFilament.php @@ -5,6 +5,7 @@ require_once '../envLoader.php'; loadEnv(__DIR__ . '/../../.env'); include '../src/session_check.php'; +checkUserRole(['admin']); use Goutte\Client; diff --git a/src/header.php b/src/header.php index f70249b..09bcff6 100644 --- a/src/header.php +++ b/src/header.php @@ -75,5 +75,28 @@ + + + + \ No newline at end of file diff --git a/src/session_check.php b/src/session_check.php index f34a1fb..d878d5f 100644 --- a/src/session_check.php +++ b/src/session_check.php 
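Review bot: In src/filamentTracker/addFilament.php the new `checkUserRole(['admin']);` gate depends on the preceding plain `include '../src/session_check.php';`, and this same commit makes session_check.php declare `checkUserRole()` and `redirectToLogin()` without a guard. If any request path pulls session_check.php in a second time (not visible in this patch, e.g. through a header include), PHP stops with a "cannot redeclare" fatal error. If the include fails to resolve from the current working directory, the request dies on an undefined function rather than a deliberate denial. Loading the gate once via an absolute path avoids both: `require_once __DIR__ . '/../session_check.php';`.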
@@ -1,6 +1,38 @@ SESSION_TIMEOUT) { + // Session expired + session_unset(); + session_destroy(); + redirectToLogin("Session expired. Please log in again."); +} else { + $_SESSION['lastActivity'] = time(); // Update activity timestamp +} + +// Function to check user roles +function checkUserRole($allowedRoles = []) { + if (!isset($_SESSION['role']) || !in_array($_SESSION['role'], $allowedRoles)) { + $_SESSION['errorMessage'] = "Access denied: You do not have the required permissions."; + header("Location: dashboard.php"); // Redirect to dashboard or another page + exit(); + } +} + +// Function to redirect to login with optional message +function redirectToLogin($message = '') { + if (!empty($message)) { + $_SESSION['errorMessage'] = $message; + } header("Location: login.php"); exit(); }
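Review bot: The authorization test in `checkUserRole()` calls `in_array($_SESSION['role'], $allowedRoles)` with loose comparison, so a non-string role value (`true`, or `0` on PHP 7) would match `'admin'`; pass the strict flag, `in_array($_SESSION['role'], $allowedRoles, true)`. In the timeout branch, `redirectToLogin("Session expired. Please log in again.")` writes `$_SESSION['errorMessage']` after `session_destroy()`, so the message is presumably never persisted for login.php to show; calling `session_start();` again before setting it would keep it. The role is read only from the session, so a demoted admin appears to keep access until the session ends unless the role is refreshed elsewhere. The opening lines of this hunk are not fully visible here, so the timeout condition itself could not be reviewed.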