From adac990d8397035e005664ff21f5608babf949a5 Mon Sep 17 00:00:00 2001
From: Eirik Th S <eirik@flowtivity.io>
Date: Tue, 4 May 2021 14:50:04 +0200
Subject: [PATCH] Fix verification of logged in status

---
 plan/index.php   | 29 ++++++++++++++++++++++++++++-
 webdata/init.php | 17 ++++++++++++++++-
 2 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/plan/index.php b/plan/index.php
index 9630357..34ca261 100644
--- a/plan/index.php
+++ b/plan/index.php
@@ -1,4 +1,4 @@
-<?php $rPath = "../"; require $rPath.'webdata/init.php'; ?><!DOCTYPE html>
+<?php $rPath = "../"; require $rPath.'webdata/init.php'; requireLogin(); ?><!DOCTYPE html>
 <html lang="en">
 <head>
     <?=getHtmlHeaders($rPath);?>
@@ -32,5 +32,32 @@
 
     <script src='plan.js'></script>
 
+
+    <!--<div style='width: 30rem; margin: auto; margin-bottom: 100px;'>
+        <form action='#!' class='form-row input-group input-group-sm addItemForm'>
+            <div class="form-control form-floating">
+                <input type='text' id='newItemName0' class='form-control newItemName' placeholder='New Item Name' aria-label='New Item Name'>
+                <label for="newItemName0">New Item Name</label>
+            </div>
+            <div class="form-control form-floating">
+                <input type='number' id='newItemPrice0' class='form-control newItemPrice' value='0' min='0' step='.01' aria-label='Price'>
+                <label for="newItemPrice0">Price</label>
+            </div>
+            <div class='input-group-append'>
+                <input type='image' class='form-control addItem' src='../icon/plus.svg' alt='+'>
+            </div>
+        </form>
+    </div>-->
+
+
+
+
+
+
+
+
+
+
+
 </body>
 </html>
\ No newline at end of file
diff --git a/webdata/init.php b/webdata/init.php
index b736256..a615057 100644
--- a/webdata/init.php
+++ b/webdata/init.php
@@ -150,6 +150,10 @@ function checkLogin(): bool{
         session_start();
     }
 
+    if(!isset($_SESSION['user_id'])){
+        return false;
+    }
+
     if(md5($_SERVER['HTTP_USER_AGENT']) == @$_SESSION['user_agent']){
         $verifyLoginRes = $db->query("SELECT ckey FROM user WHERE user_id = ".$_SESSION['user_id']);
         list($cKey) = $verifyLoginRes->fetch_row();
@@ -158,7 +162,18 @@ function checkLogin(): bool{
         }
     }
 
-    unset($_SESSION['user_key']);
+    unset($_SESSION['user_id']);
+    return false;
+}
+
+function requireLogin(): bool{
+    global $config;
+    if(checkLogin()){
+        return true;
+    }
+
+    $_SERVER['HTTP_REFERER'] = $_SERVER['PHP_SELF'];
+    header("Location: ".$config["general"]["projectRoot"]."/login.php");
     return false;
 }