<?php
namespace Core;
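/**
 * Session-backed authentication helpers.
 *
 * Every method reads the PHP session superglobal directly. Nothing in this
 * class starts the session, so it has to be started before any of these
 * helpers are called.
 *
 * NOTE(review): check() only tests that a user id is present in the session.
 * It does not confirm that the session is still valid server-side (revoked,
 * expired, user disabled). Presumably that is enforced elsewhere; confirm
 * before relying on check() as the only gate.
 */
class Auth
{
    /**
     * Routes that must stay reachable without a login.
     *
     * Each entry is matched as a whole path or as a leading path segment
     * (see isPublicPath()), never as a bare string prefix.
     */
    private const PUBLIC_PATHS = [
        '/login',
        '/logout',
        '/register',
        '/forgot-password',
        '/reset-password',
        '/verify-email',
        '/resend-verification',
        '/install',
    ];

    /**
     * Check if user is authenticated.
     *
     * @return bool true when the session carries a non-null user id
     */
    public static function check(): bool
    {
        return isset($_SESSION['user_id']);
    }

    /**
     * Get current user ID.
     *
     * @return int|null the stored user id, or null when nobody is logged in
     */
    public static function id(): ?int
    {
        return $_SESSION['user_id'] ?? null;
    }

    /**
     * Get current username.
     *
     * @return string|null the stored username, or null when it is not set
     */
    public static function username(): ?string
    {
        return $_SESSION['username'] ?? null;
    }

    /**
     * Get current user's full name.
     *
     * @return string|null the stored full name, or null when it is not set
     */
    public static function fullName(): ?string
    {
        return $_SESSION['full_name'] ?? null;
    }

    /**
     * Require authentication (redirect to login if not authenticated).
     *
     * Returns normally for public paths and for authenticated sessions.
     * Otherwise it stores a flash error, sends a redirect to /login and
     * terminates the request.
     */
    public static function require(): void
    {
        // Only the path component is compared; the query string is ignored.
        $currentPath = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);

        // parse_url() yields false/null for a URI it cannot split into a
        // path. Such a request is never treated as public, so it falls
        // through to the authentication check below.
        if (is_string($currentPath) && self::isPublicPath($currentPath)) {
            return;
        }

        if (!self::check()) {
            $_SESSION['error'] = 'Please login to continue';
            header('Location: /login');
            // Stop here: without exit the protected page would still be
            // rendered and sent after the Location header.
            exit;
        }
    }

    /**
     * Tell whether a request path belongs to one of the public routes.
     *
     * A public route matches when the path equals it or continues with a
     * "/" separator. A plain prefix test would also exempt any other route
     * whose name merely begins with a public one, letting it skip the
     * authentication check.
     *
     * NOTE(review): the path is compared as received, without normalisation.
     * Confirm the router resolves the same string, so this check and the
     * dispatcher cannot disagree about which route is being requested.
     *
     * @param string $currentPath path component of the request URI
     * @return bool true when the path is exempt from authentication
     */
    private static function isPublicPath(string $currentPath): bool
    {
        foreach (self::PUBLIC_PATHS as $path) {
            if ($currentPath === $path || strpos($currentPath, $path . '/') === 0) {
                return true;
            }
        }

        return false;
    }
}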