From f78b341761ca9547a4a73b3e27814946434cb254 Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=B4me=20Benoit?= Date: Tue, 16 Jan 2018 21:32:27 +0100 Subject: [PATCH] Proper handling of authenticated state on important pages. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Jérôme Benoit --- includes/account.php | 1 + includes/formbooking.php | 6 ++++-- includes/reservations.php | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/includes/account.php b/includes/account.php index dc25449..9e725c3 100644 --- a/includes/account.php +++ b/includes/account.php @@ -3,6 +3,7 @@ global $is_logged_in; if (!$is_logged_in) { echo "Please login first."; redirect("index.php?page=login", 2); + exit(); } ?> diff --git a/includes/formbooking.php b/includes/formbooking.php index f1a5fe9..8df025e 100644 --- a/includes/formbooking.php +++ b/includes/formbooking.php @@ -28,7 +28,7 @@ if (!$form_return_flight) { $input_failure = true; } -if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) { +if (!$input_failure && $is_logged_in && !empty($form_nb_place) && !empty($form_class_name)) { global $connection; $client_id = get_client_id($_SESSION['email']); $nb_booked = nb_booked($client_id, $form_flight_id); @@ -52,7 +52,7 @@ if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) { $rows = $connection->get_result_array(); $connection->close_prepared_query(); foreach ($rows as $row) { - echo "(Simulation de paiement d'une réservation)
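Review bot: The login guard in includes/account.php is an exact copy of the one in includes/reservations.php, and both gain the same `exit();`, so every protected page has to remember to repeat it and a page that forgets is served to anonymous visitors. Consider moving the check, message, redirect and exit into one helper that each protected include calls first, for example `require_login();`, or doing the check once in the code that dispatches `index.php?page=...`, which is not visible in this patch. A short comment would also explain why the call is needed, e.g. `// redirect() returns, so stop here or the rest of the page is still sent to an anonymous visitor`. That redirect() returns is inferred from this fix, since its body is not shown.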
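Review bot: `$is_logged_in` is read in the new condition of includes/formbooking.php without the `global $is_logged_in;` that account.php and reservations.php declare before their check, even though this same block needs `global $connection;` to reach a global. If formbooking.php is included from function scope, as those declarations suggest, and nothing above line 28 declares the variable, it is undefined, the condition is always false and no booking can be made; please confirm, or add `global $is_logged_in;` before the `if`. Folding the login check into the booking condition also sends an anonymous request into the `else` added by the `@@ -64,6 +64,8 @@` hunk, which prints the placeholder text `Make an error message.` for every failure cause alike. An early guard at the top of the file, the same `echo "Please login first."; redirect("index.php?page=login", 2); exit();` used on the other two pages, would reject anonymous requests before any form handling runs and leave the `else` for real input errors with a real message. The `if` block starts in this hunk and closes outside it.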
" + echo "(Simulation de paiement d'une réservation)
"; echo "Vous avez réservé et payé " . $form_nb_place . " place(s) sur le vol " .$form_flight_id . " au départ de " . $row['VilleD']. " à " . $row['DateD'] . " arrivant à " . $row['VilleA'] . " à " . $row['DateA'] . " pour un montant de " . $form_place_price * $form_nb_place . "€.
"; @@ -64,6 +64,8 @@ if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) { } else { redirect("index.php?page=reservations", 3); } +} else { + echo "Make an error message.
"; } ?> diff --git a/includes/reservations.php b/includes/reservations.php index 79ded0e..44208ba 100644 --- a/includes/reservations.php +++ b/includes/reservations.php @@ -3,6 +3,7 @@ global $is_logged_in; if (!$is_logged_in) { echo "Please login first."; redirect("index.php?page=login", 2); + exit(); } ?>

Mes réservations

-- 2.34.1