From dcf45f3492afc4c14d6db0166627f61ed5bd8e5d Mon Sep 17 00:00:00 2001
From: Thomas Rubini <74205383+ThomasRubini@users.noreply.github.com>
Date: Tue, 17 Jan 2023 11:38:13 +0100
Subject: [PATCH] add Session class in Kernel
---
 Controllers/UserController.php | 22 +++-------------
 Kernel/Session.php | 46 ++++++++++++++++++++++++++++++++++
 Models/UserModel.php | 12 +++++++++
 3 files changed, 62 insertions(+), 18 deletions(-)
 create mode 100644 Kernel/Session.php
diff --git a/Controllers/UserController.php b/Controllers/UserController.php
index 86656d7..8145900 100644
--- a/Controllers/UserController.php
+++ b/Controllers/UserController.php
@@ -35,8 +35,8 @@ final class UserController
 return View::show("user/signin", array("success" => False, "msg" => "This account is disabled"));
 }
- session_start();
- $_SESSION["ID"] = $A_user["ID"];
+ Session::start($A_user["ID"]);
+ View::show("user/signin", array("success" => True));
 }
@@ -71,8 +71,7 @@ final class UserController
 public function logoutAction(Array $A_urlParams = null, Array $A_postParams = null)
 {
- session_start();
- session_destroy();
+ Session::destroy();
 header("Location: /");
 }
@@ -82,20 +81,7 @@ final class UserController
 return View::show("errors/404");
 }
- session_start();
-
- if(!isset($_SESSION) || !isset($_SESSION["ID"])){
- echo "301 NOT LOGIN";
- return;
- }
-
- $O_userModel = new UserModel();
- $A_user = $O_userModel->getUserByID($_SESSION["ID"]);
- if ($A_user == null){
- // User has been deleted ?!
- echo "Error loading your profile ?";
- return;
- }
+ Session::login_or_die();
 return View::show("user/view", $A_user);
 }
diff --git a/Kernel/Session.php b/Kernel/Session.php
new file mode 100644
index 0000000..42c3d65
--- /dev/null
+++ b/Kernel/Session.php
@@ -0,0 +1,46 @@
+isUserActive($_SESSION["ID"]);
+
+ }
+
+ public static function login_or_die()
+ {
+ if (!self::has_session()) {
+ header("Location: /user/login?return_uri=".$_SERVER["REQUEST_URI"]);
+ die();
+ }
+ }
+}
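Review bot: The sign-in path in the `@@ -35,8 +35,8 @@` hunk of Controllers/UserController.php should rotate the session identifier at the moment the user authenticates, and nothing visible on this page shows that it does. `Session::start($A_user["ID"])` is now the single place where a login is bound to a session, but its body is in the part of Kernel/Session.php that is missing here. If it only repeats the removed lines (`session_start()` followed by the `$_SESSION["ID"]` assignment), an identifier issued before login remains valid after it; adding `session_regenerate_id(true);` directly after `session_start()` inside `Session::start` addresses that. The enclosing action starts above the hunk.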
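Review bot: In the `@@ -82,20 +81,7 @@` hunk of Controllers/UserController.php, `$A_user` is still passed to `View::show("user/view", $A_user)` although the lines that assigned it were removed, so unless it is set earlier in the action (which starts above the hunk) the view receives an undefined variable. `Session::login_or_die()` returns nothing, so the profile has to be loaded after it, for example `$A_user = (new UserModel())->getUserByID($_SESSION["ID"]);` followed by `if ($A_user === null) { return View::show("errors/404"); }`. An alternative is to have the Session class return the loaded user row, which also avoids a second query after the `isUserActive` lookup.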
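Review bot: `login_or_die()` in Kernel/Session.php appends `$_SERVER["REQUEST_URI"]` to the redirect target without encoding it, so a request URI that carries its own query string spills extra parameters into the login URL and `return_uri` is cut at the first `&`. Encode the value: `header("Location: /user/login?return_uri=" . rawurlencode($_SERVER["REQUEST_URI"]));`. The code that later consumes `return_uri` is not part of this patch; it should accept only a same-site path (a single leading `/`, no scheme or host), otherwise the parameter becomes an open redirect. Only the tail of the new file is visible on this page, so `start`, `destroy` and the beginning of `has_session` could not be reviewed.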
diff --git a/Models/UserModel.php b/Models/UserModel.php
index d777c11..1902dd3 100644
--- a/Models/UserModel.php
+++ b/Models/UserModel.php
@@ -57,4 +57,16 @@ final class UserModel
 if ($row === false) return null;
 return $row["USERNAME"];
 }
+
+ public function isUserActive($I_id)
+ {
+ $O_model = Model::get();
+ $stmt = $O_model->prepare("SELECT DISABLED FROM USER WHERE ID=:id");
+ $stmt->bindParam("id", $I_id);
+ $stmt->execute();
+
+ $row = $stmt->fetch();
+ if ($row === false) return false;
+ return $row["DISABLED"] === 0;
+ }
 }
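Review bot: The strict comparison `$row["DISABLED"] === 0` in `isUserActive` holds only when the driver hands the column back as a PHP integer; if the connection returns numeric columns as strings (which, assuming `Model::get()` wraps PDO, depends on driver, PHP version and the emulate-prepares / stringify-fetches settings), it is always false. The check then fails closed, but every active user is bounced to the login page by `Session::login_or_die()`. The connection setup is not visible here, so normalise the value before comparing: `return (int) $row["DISABLED"] === 0;`. A short docblock stating that the method returns false both for disabled accounts and for unknown IDs would make that contract explicit for the session code that relies on it.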