Check for admin

System
2025-01-05 13:24:10 +00:00 · 2025-01-05 13:23:55 +00:00
6 changed files with 117 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ etsyTokens.json
 .DS_Store
 node_modules/
 vendor/
 logs/
--- a/.htaccess
+++ b/.htaccess
@@ -0,0 +1,57 @@
 RewriteEngine On
 # Fix for nginx proxy to avoid internal server errors
 RewriteBase /
 # Redirect all traffic to the public folder, but allow existing files/directories
 RewriteCond %{REQUEST_URI} !^/public/
 RewriteCond %{DOCUMENT_ROOT}/public%{REQUEST_URI} -f [OR]
 RewriteCond %{DOCUMENT_ROOT}/public%{REQUEST_URI} -d
 RewriteRule ^(.*)$ /public/$1 [L,QSA]
 # Handle cases where the file doesn't exist
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /public/index.php [L]
 # Ensure directory listing is disabled
 Options -Indexes
 # Enable compression
 <IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
 </IfModule>
 # Leverage browser caching
 <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/html "access plus 1 month"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
 </IfModule>
 # Basic security headers
 <IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
 </IfModule>
 # Handle 404 errors
 ErrorDocument 404 /public/404.html
 # Handle PHP execution if needed
 <FilesMatch "\.php$">
    SetHandler application/x-httpd-php
 </FilesMatch>
 # Deny access to sensitive files
 <FilesMatch "^\.(htaccess|htpasswd|env|ini|log|sh|sql|bak|config)$">
    Require all denied
 </FilesMatch>
--- a/public/addFilament.php
+++ b/public/addFilament.php
@@ -1,4 +1,6 @@
-<?php include '../src/session_check.php'; ?>
+<?php include '../src/session_check.php'; 
 checkUserRole(['admin']);
 ?>
 <html lang="en" data-bs-theme="light">
 <head>
--- a/src/filamentTracker/addFilament.php
+++ b/src/filamentTracker/addFilament.php
@@ -5,6 +5,7 @@ require_once '../envLoader.php';
 loadEnv(__DIR__ . '/../../.env');
 include '../src/session_check.php';
 checkUserRole(['admin']);
 use Goutte\Client;
--- a/src/header.php
+++ b/src/header.php
@@ -75,5 +75,28 @@
 						</ul>
 					</div>
 				</nav>
 				<?php if (isset($_SESSION['errorMessage'])): ?>
 					<div id="sessionAlert" class="alert alert-danger alert-dismissible fade show" role="alert">
 						<?php echo $_SESSION['errorMessage']; ?>
 						<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
 					</div>
 					<script>
 						document.addEventListener('DOMContentLoaded', function () {
 							setTimeout(function () {
 								let alertElement = document.getElementById('sessionAlert');
 								if (alertElement) {
 									alertElement.classList.remove('show');
 									alertElement.classList.add('fade');
 									alertElement.addEventListener('transitionend', function () {
 										alertElement.remove();
 									});
 								}
 							}, 4000);
 							// Clear the session variable after rendering
 							<?php unset($_SESSION['errorMessage']); ?>
 						});
 					</script>
 				<?php endif; ?>
 			</div>
 		</header>
--- a/src/session_check.php
+++ b/src/session_check.php
@@ -1,6 +1,38 @@
 <?php
 session_start();
 // Configuration for session timeout (in seconds)
 define('SESSION_TIMEOUT', 1800); // 30 minutes
 // Check if the user is logged in
 if (!isset($_SESSION['userId'])) {
    redirectToLogin("You must be logged in to access this page.");
 }
 // Session Timeout Check
 if (isset($_SESSION['lastActivity']) && (time() - $_SESSION['lastActivity']) > SESSION_TIMEOUT) {
    // Session expired
    session_unset();
    session_destroy();
    redirectToLogin("Session expired. Please log in again.");
 } else {
    $_SESSION['lastActivity'] = time(); // Update activity timestamp
 }
 // Function to check user roles
 function checkUserRole($allowedRoles = []) {
    if (!isset($_SESSION['role']) || !in_array($_SESSION['role'], $allowedRoles)) {
        $_SESSION['errorMessage'] = "Access denied: You do not have the required permissions.";
        header("Location: dashboard.php");  // Redirect to dashboard or another page
        exit();
    }
 }
 // Function to redirect to login with optional message
 function redirectToLogin($message = '') {
    if (!empty($message)) {
        $_SESSION['errorMessage'] = $message;
    }
    header("Location: login.php");
    exit();
 }
Author	SHA1	Message	Date
Hickmeister	bcb7d7ea7d	Check for admin	2025-01-05 13:24:10 +00:00
Hickmeister	e9908bd65b	System	2025-01-05 13:23:55 +00:00