Proper handling of authenticated state on important pages.

Signed-off-by: Jérôme Benoit <jerome.benoit@piment-noir.org>

diff --git a/includes/account.php b/includes/account.php
index dc254491f554d190cadf40e0a2a12608f48e23c1..9e725c3ac9bbfd753afdef4924492a8f6f2a7744 100644 (file)
--- a/includes/account.php
+++ b/includes/account.php
@@ -3,6 +3,7 @@ global $is_logged_in;
 if (!$is_logged_in) {
     echo "Please login first.";
     redirect("index.php?page=login", 2);
 if (!$is_logged_in) {
     echo "Please login first.";
     redirect("index.php?page=login", 2);

+    exit();

 }
 ?>
 
 }
 ?>
 

diff --git a/includes/formbooking.php b/includes/formbooking.php
index f1a5fe90f778f688c32d1841a7cc1552568d91b5..8df025e9fb5a29f4f3b99db5d5de1db83695a96a 100644 (file)
--- a/includes/formbooking.php
+++ b/includes/formbooking.php
@@ -28,7 +28,7 @@ if (!$form_return_flight) {
     $input_failure = true;
 }
 
     $input_failure = true;
 }
 

-if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) {
+if (!$input_failure && $is_logged_in && !empty($form_nb_place) && !empty($form_class_name)) {

     global $connection;
     $client_id = get_client_id($_SESSION['email']);
     $nb_booked = nb_booked($client_id, $form_flight_id);
     global $connection;
     $client_id = get_client_id($_SESSION['email']);
     $nb_booked = nb_booked($client_id, $form_flight_id);


@@ -52,7 +52,7 @@ if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) {
     $rows = $connection->get_result_array();
     $connection->close_prepared_query();
     foreach ($rows as $row) {
     $rows = $connection->get_result_array();
     $connection->close_prepared_query();
     foreach ($rows as $row) {

-        echo "(Simulation de paiement d'une re&#769;servation) <br>"
+        echo "(Simulation de paiement d'une re&#769;servation) <br>";

         echo "Vous avez re&#769;serve&#769; et paye&#769; " . $form_nb_place . " place(s) sur le vol " .$form_flight_id .
              " au de&#769;part de " . $row['VilleD'].  " a&#768; " . $row['DateD'] . " arrivant a&#768; " . $row['VilleA'] . " a&#768; " . $row['DateA'] .
              " pour un montant de " . $form_place_price * $form_nb_place . "&euro;. <br>";
         echo "Vous avez re&#769;serve&#769; et paye&#769; " . $form_nb_place . " place(s) sur le vol " .$form_flight_id .
              " au de&#769;part de " . $row['VilleD'].  " a&#768; " . $row['DateD'] . " arrivant a&#768; " . $row['VilleA'] . " a&#768; " . $row['DateA'] .
              " pour un montant de " . $form_place_price * $form_nb_place . "&euro;. <br>";


@@ -64,6 +64,8 @@ if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) {
     } else {
         redirect("index.php?page=reservations", 3);
     }
     } else {
         redirect("index.php?page=reservations", 3);
     }

+} else {
+    echo "Make an error message. <br>";

 }
 
 ?>
 }
 
 ?>

diff --git a/includes/reservations.php b/includes/reservations.php
index 79ded0e133e893d26e865568a9ed76b24d4beb8f..44208ba7dc85e41f5380e4e40ccf9a190c358f1f 100644 (file)
--- a/includes/reservations.php
+++ b/includes/reservations.php
@@ -3,6 +3,7 @@ global $is_logged_in;
 if (!$is_logged_in) {
     echo "Please login first.";
     redirect("index.php?page=login", 2);
 if (!$is_logged_in) {
     echo "Please login first.";
     redirect("index.php?page=login", 2);

+    exit();

 }
 ?>
 <h1>Mes re&#769;servations</h1>
 }
 ?>
 <h1>Mes re&#769;servations</h1>