Check for admin
This commit is contained in:
Hickmeister
@@ -1,4 +1,6 @@
|
|||||||
<?php include '../src/session_check.php'; ?>
|
<?php include '../src/session_check.php';
|
||||||
|
checkUserRole(['admin']);
|
||||||
|
?>
|
||||||
|
|
||||||
<html lang="en" data-bs-theme="light">
|
<html lang="en" data-bs-theme="light">
|
||||||
<head>
|
<head>
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ require_once '../envLoader.php';
|
|||||||
loadEnv(__DIR__ . '/../../.env');
|
loadEnv(__DIR__ . '/../../.env');
|
||||||
|
|
||||||
include '../src/session_check.php';
|
include '../src/session_check.php';
|
||||||
|
checkUserRole(['admin']);
|
||||||
|
|
||||||
use Goutte\Client;
|
use Goutte\Client;
|
||||||
|
|
||||||
|
|||||||
@@ -75,5 +75,28 @@
|
|||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
</nav>
|
</nav>
|
||||||
|
<?php if (isset($_SESSION['errorMessage'])): ?>
|
||||||
|
<div id="sessionAlert" class="alert alert-danger alert-dismissible fade show" role="alert">
|
||||||
|
<?php echo $_SESSION['errorMessage']; ?>
|
||||||
|
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
|
||||||
|
</div>
|
||||||
|
<script>
|
||||||
|
document.addEventListener('DOMContentLoaded', function () {
|
||||||
|
setTimeout(function () {
|
||||||
|
let alertElement = document.getElementById('sessionAlert');
|
||||||
|
if (alertElement) {
|
||||||
|
alertElement.classList.remove('show');
|
||||||
|
alertElement.classList.add('fade');
|
||||||
|
alertElement.addEventListener('transitionend', function () {
|
||||||
|
alertElement.remove();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}, 4000);
|
||||||
|
|
||||||
|
// Clear the session variable after rendering
|
||||||
|
<?php unset($_SESSION['errorMessage']); ?>
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
<?php endif; ?>
|
||||||
</div>
|
</div>
|
||||||
</header>
|
</header>
|
||||||
@@ -1,6 +1,38 @@
|
|||||||
<?php
|
<?php
|
||||||
session_start();
|
session_start();
|
||||||
|
|
||||||
|
// Configuration for session timeout (in seconds)
|
||||||
|
define('SESSION_TIMEOUT', 1800); // 30 minutes
|
||||||
|
|
||||||
|
// Check if the user is logged in
|
||||||
if (!isset($_SESSION['userId'])) {
|
if (!isset($_SESSION['userId'])) {
|
||||||
|
redirectToLogin("You must be logged in to access this page.");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Session Timeout Check
|
||||||
|
if (isset($_SESSION['lastActivity']) && (time() - $_SESSION['lastActivity']) > SESSION_TIMEOUT) {
|
||||||
|
// Session expired
|
||||||
|
session_unset();
|
||||||
|
session_destroy();
|
||||||
|
redirectToLogin("Session expired. Please log in again.");
|
||||||
|
} else {
|
||||||
|
$_SESSION['lastActivity'] = time(); // Update activity timestamp
|
||||||
|
}
|
||||||
|
|
||||||
|
// Function to check user roles
|
||||||
|
function checkUserRole($allowedRoles = []) {
|
||||||
|
if (!isset($_SESSION['role']) || !in_array($_SESSION['role'], $allowedRoles)) {
|
||||||
|
$_SESSION['errorMessage'] = "Access denied: You do not have the required permissions.";
|
||||||
|
header("Location: dashboard.php"); // Redirect to dashboard or another page
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Function to redirect to login with optional message
|
||||||
|
function redirectToLogin($message = '') {
|
||||||
|
if (!empty($message)) {
|
||||||
|
$_SESSION['errorMessage'] = $message;
|
||||||
|
}
|
||||||
header("Location: login.php");
|
header("Location: login.php");
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user