Initial commit - Last War messaging system

2026-02-19 01:33:28 -06:00
commit 38a8447a64
2162 changed files with 216183 additions and 0 deletions
--- a/includes/session_check.php
+++ b/includes/session_check.php
@@ -0,0 +1,87 @@
+<?php
+
+require_once __DIR__ . '/env_loader.php';
+
+function checkSession(): void
+{
+    if (session_status() === PHP_SESSION_NONE) {
+        $domain = $_ENV['APP_URL'] ?? getenv('APP_URL') ?? '';
+        if ($domain) {
+            $parsed = parse_url($domain);
+            $host = $parsed['host'] ?? $_SERVER['HTTP_HOST'] ?? '';
+            session_set_cookie_params([
+                'lifetime' => 0,
+                'path' => '/',
+                'domain' => $host,
+                'secure' => true,
+                'httponly' => true,
+                'samesite' => 'Strict'
+            ]);
+        }
+        session_start();
+    }
+
+    validateSessionDomain();
+
+    if (!isset($_SESSION['user_id'])) {
+        $basePath = dirname($_SERVER['PHP_SELF']);
+        if ($basePath === '/' || $basePath === '\\') {
+            $basePath = '';
+        }
+        header('Location: ' . $basePath . '/login.php');
+        exit;
+    }
+}
+
+function validateSessionDomain(): void
+{
+    $allowedDomain = $_ENV['APP_URL'] ?? getenv('APP_URL') ?? '';
+    
+    if (empty($allowedDomain)) {
+        return;
+    }
+    
+    $parsed = parse_url($allowedDomain);
+    $allowedHost = $parsed['host'] ?? '';
+    $currentHost = $_SERVER['HTTP_HOST'] ?? '';
+    
+    if (strcasecmp($allowedHost, $currentHost) !== 0) {
+        session_unset();
+        session_destroy();
+        $scheme = $parsed['scheme'] ?? 'https';
+        $loginUrl = $scheme . '://' . $allowedHost . '/login.php';
+        header('Location: ' . $loginUrl);
+        exit;
+    }
+}
+
+function isAdmin(): bool
+{
+    return isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
+}
+
+function requireAdmin(): void
+{
+    checkSession();
+    
+    if (!isAdmin()) {
+        header('HTTP/1.1 403 Forbidden');
+        echo 'Acceso denegado';
+        exit;
+    }
+}
+
+function getCurrentUserId(): int
+{
+    return $_SESSION['user_id'] ?? 0;
+}
+
+function getCurrentUsername(): string
+{
+    return $_SESSION['username'] ?? '';
+}
+
+function getCurrentUserRole(): string
+{
+    return $_SESSION['role'] ?? 'guest';
+}