From 5238d3d630a97b33fb24e823238e2b8c02c68e29 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 11 Dec 2017 18:20:13 +0100
Subject: [PATCH] Move authentication check into lib/auth.php

---
 htdocs/admin.php      | 18 +++---------------
 htdocs/alias.php      | 19 +++----------------
 htdocs/compte.php     | 23 +++--------------------
 htdocs/domaine.php    | 20 +++-----------------
 htdocs/help.php       | 22 +++-------------------
 htdocs/lib/auth.php   | 11 +++++++++++
 htdocs/superadmin.php | 19 +++----------------
 7 files changed, 29 insertions(+), 103 deletions(-)
 create mode 100644 htdocs/lib/auth.php

diff --git a/htdocs/admin.php b/htdocs/admin.php
index 7c4df28..b9c7dfb 100644
--- a/htdocs/admin.php
+++ b/htdocs/admin.php
@@ -10,19 +10,14 @@
  * @version 1.0
  */
 
+// Force authentication on this page
+require_once("lib/auth.php");
+
 /**
  * Path
  */
 define('EVOADMIN_BASE','./');
 
-//recuperer la session en cours
-session_name('EVOADMIN_SESS');
-session_start();
-
-// TODO : restrictions if non superadmin
-
-if (isset($_SESSION['login'])) {
-
     /**
      * Requires
      */
@@ -30,8 +25,6 @@ if (isset($_SESSION['login'])) {
 
     include EVOADMIN_BASE . 'inc/haut.php';
 
-    $login = $_SESSION['login'];
-
     if (isset($_GET['domain'])) {
         // TODO : verifier si le domaine existe !!
         $_SESSION['domain'] = Html::clean($_GET['domain']);
@@ -174,11 +167,6 @@ if (isset($_SESSION['login'])) {
 
 <?php
 
-} else { //if (isset($_SESSION['login']))
-    header("location: auth.php\n\n");
-    exit(0);
-}
-
 include EVOADMIN_BASE . 'inc/fin.php';
 
 ?>
diff --git a/htdocs/alias.php b/htdocs/alias.php
index d19d673..64d9ae2 100644
--- a/htdocs/alias.php
+++ b/htdocs/alias.php
@@ -10,24 +10,18 @@
  * @version 1.0
  */
 
+// Force authentication on this page
+require_once("lib/auth.php");
+
 /**
  * Path
  */
 define('EVOADMIN_BASE','./');
 
-/**
- * PHP cookies session
- */
-session_name('EVOADMIN_SESS');
-session_start();
-
-if (isset($_SESSION['login']))
-{
     require_once EVOADMIN_BASE . 'lib/common.php';
 
     include EVOADMIN_BASE . 'inc/haut.php';
 
-    $login = $_SESSION['login'];
     $rdn = $_SESSION['rdn'];
 
     include EVOADMIN_BASE . 'inc/debut.php';
@@ -463,13 +457,6 @@ if (isset($_SESSION['login']))
         }
     }
 
-} //if (isset($_SESSION['login'])) 
-else
-{
-    header("location: auth.php\n\n");
-    exit(0);
-}
-
 include EVOADMIN_BASE . 'inc/fin.php';
 
 ?>
diff --git a/htdocs/compte.php b/htdocs/compte.php
index d337b33..35437ec 100644
--- a/htdocs/compte.php
+++ b/htdocs/compte.php
@@ -10,24 +10,14 @@
  * @version 1.0
  */
 
+// Force authentication on this page
+require_once("lib/auth.php");
+
 /**
  * Path
  */
 define('EVOADMIN_BASE','./');
 
-/**
- * PHP cookies session
- */
-session_name('EVOADMIN_SESS');
-session_start();
-
-
-if (isset($_SESSION['login']))
-{
-
-    // $login var need for inc/debut.php
-    $login = $_SESSION['login'];
-
     /**
      * Requires
      */
@@ -972,13 +962,6 @@ if (isset($_SESSION['login']))
         }
     }
 
-} //if (isset($_SESSION['login']))
-else
-{
-    header("location: auth.php\n\n");
-    exit(0);
-}
-
 include EVOADMIN_BASE . 'inc/fin.php';
 
 ?>
diff --git a/htdocs/domaine.php b/htdocs/domaine.php
index ab31d5c..491b245 100644
--- a/htdocs/domaine.php
+++ b/htdocs/domaine.php
@@ -10,27 +10,19 @@
  * @version 1.0
  */
 
+// Force authentication on this page
+require_once("lib/auth.php");
+
 /**
  * Path
  */
 define('EVOADMIN_BASE','./');
 
-/**
- * PHP cookies session
- */
-session_name('EVOADMIN_SESS');
-session_start();
-
-if (isset($_SESSION['login'])) {
-
     /**
      * Requires
      */
     require_once EVOADMIN_BASE . 'lib/common.php';
 
-    // $login var need for inc/debut.php
-    $login = $_SESSION['login'];
-
     include EVOADMIN_BASE . 'inc/haut.php';
     include EVOADMIN_BASE . 'inc/debut.php';
 
@@ -241,12 +233,6 @@ if (isset($_SESSION['login'])) {
         }
     }
 
-//if (isset($_SESSION['login'])) 
-} else {
-    header("location: auth.php\n\n");
-    exit(0);
-}
-
 include EVOADMIN_BASE . 'inc/fin.php';
 
 ?>
diff --git a/htdocs/help.php b/htdocs/help.php
index 8ec00a6..c3b5647 100644
--- a/htdocs/help.php
+++ b/htdocs/help.php
@@ -10,27 +10,18 @@
  * @version 1.0
  */
 
+// Force authentication on this page
+require_once("lib/auth.php");
+
 /**
  * Path
  */
 define('EVOADMIN_BASE','./');
 
-/**
- * PHP cookies session
- */
-session_name('EVOADMIN_SESS');
-session_start();
-
-if (isset($_SESSION['login']))
-{
-
     $rep = './';
     require_once($rep. 'lib/common.php');
 
     include($rep. 'inc/haut.php');
-
-    $login = $_SESSION['login'];
-
     include($rep. 'inc/debut.php');
 
 ?>
@@ -86,13 +77,6 @@ if (isset($_SESSION['login']))
                     
 <?php
 
-} //if (isset($_SESSION['login'])) 
-else
-{
-    header("location: auth.php\n\n");
-    exit(0);
-}
-
 include EVOADMIN_BASE . 'inc/fin.php';
 
 ?>
diff --git a/htdocs/lib/auth.php b/htdocs/lib/auth.php
new file mode 100644
index 0000000..ae5a2e3
--- /dev/null
+++ b/htdocs/lib/auth.php
@@ -0,0 +1,11 @@
+<?php
+
+session_name('EVOADMIN_SESS');
+session_start();
+
+if (empty($_SESSION['login'])) {
+    header("location: auth.php\n\n");
+    exit(0);
+} else {
+    $login = $_SESSION['login'];
+}
diff --git a/htdocs/superadmin.php b/htdocs/superadmin.php
index 05aca29..4bdb902 100644
--- a/htdocs/superadmin.php
+++ b/htdocs/superadmin.php
@@ -10,6 +10,9 @@
  * @version 1.0
  */
 
+// Force authentication on this page
+require_once("lib/auth.php");
+
 /*
  * Functions
  */
@@ -50,14 +53,6 @@ function show_domaine_details($domain) {
  */
 define('EVOADMIN_BASE','./');
 
-/**
- * PHP cookies session
- */
-session_name('EVOADMIN_SESS');
-session_start();
-
-if (isset($_SESSION['login'])) {
-
     /**
      * Requires
      */
@@ -65,8 +60,6 @@ if (isset($_SESSION['login'])) {
 
     include EVOADMIN_BASE . 'inc/haut.php';
 
-    $login = $_SESSION['login'];
-
     // pas de domaine/variable domaine sur superadmin.php
     unset($_SESSION['domain']); 
 
@@ -186,12 +179,6 @@ if (isset($_SESSION['login'])) {
        </div>
 
 		<?php
-//if (isset($_SESSION['login']))
-} else {
-
-    header("location: auth.php\n\n");
-    exit(0);
-}
 
 include(EVOADMIN_BASE . 'inc/fin.php');