From d105cefe617921223959fdea47ef6f02d657e5c9 Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Tue, 4 Aug 2020 18:29:23 +0100
Subject: [PATCH] :art: Don't use header() to redirect to /login

Signed-off-by: Luke Tainton <luke@tainton.uk>
---
 app/includes/header.php |   5 ++
 app/public/index.php    | 173 ++++++++++++++++++----------------------
 app/public/new.php      |   6 +-
 app/public/open.php     |   4 -
 app/public/view.php     |  74 ++++++++---------
 5 files changed, 118 insertions(+), 144 deletions(-)

diff --git a/app/includes/header.php b/app/includes/header.php
index 8a7d372..521b451 100644
--- a/app/includes/header.php
+++ b/app/includes/header.php
@@ -8,6 +8,11 @@
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     <meta name="theme-color" content="#563d7c">
+    <?php
+      if (!is_logged_in()) {
+        echo("<meta http-equiv='refresh' content='0; url=" . $_ENV['APP_URL'] . "/login' />");
+      }
+    ?>
     <title><?php echo( $PAGE_TITLE ); ?></title>
 
     <!-- Bootstrap core CSS -->
diff --git a/app/public/index.php b/app/public/index.php
index 89b1008..e6950a0 100644
--- a/app/public/index.php
+++ b/app/public/index.php
@@ -3,32 +3,28 @@
     require_once __DIR__ . "/../includes/prereqs.php";
     require_once __DIR__ . "/../includes/header.php";
 
-    if (is_signed_in()) {
-      // Get user's own tickets
-      try {
-        $user_tickets_stmt = "SELECT uuid, id, title, description, status FROM tickets WHERE created_by=:uuid";
-        $user_tickets_sql = $db->prepare($user_tickets_stmt);
-        $user_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
-        $user_tickets_sql->execute();
-        $user_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
-        $user_tickets_result = $user_tickets_sql->fetchAll();
-      } catch (PDOException $e) {
-        echo("Error: " . $e->getMessage());
-      }
+    // Get user's own tickets
+    try {
+      $user_tickets_stmt = "SELECT uuid, id, title, description, status FROM tickets WHERE created_by=:uuid";
+      $user_tickets_sql = $db->prepare($user_tickets_stmt);
+      $user_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
+      $user_tickets_sql->execute();
+      $user_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
+      $user_tickets_result = $user_tickets_sql->fetchAll();
+    } catch (PDOException $e) {
+      echo("Error: " . $e->getMessage());
+    }
 
-      // Get tickets user has subscribed to
-      try {
-        $sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
-        $sub_tickets_sql = $db->prepare($sub_tickets_stmt);
-        $sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
-        $sub_tickets_sql->execute();
-        $sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
-        $sub_tickets_result = $sub_tickets_sql->fetchAll();
-      } catch (PDOException $e) {
-        echo("Error: " . $e->getMessage());
-      }
-
-      $user_tickets_sub = 0; // Force 'no subbed tickets' msg until the code works
+    // Get tickets user has subscribed to
+    try {
+      $sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
+      $sub_tickets_sql = $db->prepare($sub_tickets_stmt);
+      $sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
+      $sub_tickets_sql->execute();
+      $sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
+      $sub_tickets_result = $sub_tickets_sql->fetchAll();
+    } catch (PDOException $e) {
+      echo("Error: " . $e->getMessage());
     }
 
     function get_sub_ticket($db, $ticket_uuid) {
@@ -77,84 +73,73 @@
         is the one-stop shop for all of your IT-related needs. Let us know how we can help you by opening a request.
       </p>
       <p>
-        <?php
-          if (is_signed_in()) {
-            echo("
-              <a href='/new' class='btn btn-primary my-2'>Create a request</a>
-              <a href='/open' class='btn btn-secondary my-2'>View existing requests</a>
-            ");
-          } else {
-            echo("<b>Please log in to create or view tickets.</b>");
-          }
-        ?>
+        <a href='/new' class='btn btn-primary my-2'>Create a request</a>
+        <a href='/open' class='btn btn-secondary my-2'>View existing requests</a>
       </p>
     </div>
   </section>
 
-  <?php if (is_signed_in()) { ?>
-    <section>
-      <div class="card mx-auto" style="width: 80%;">
-        <div class="card-header">
-          <span class="mdi mdi-ticket-outline"></span> My Open Requests
-        </div>
-        <ul class="list-group list-group-flush">
-          <?php
-            if (count($user_tickets_result) == 0) {
-              echo("<center><b>No open tickets</b></center>");
-            } else {
-              foreach($user_tickets_result as $tkt) {
-          ?>
-          <li class="list-group-item">
-            <div class="container">
-              <div class="row">
-                <div class="col-10">
-                  <span style="display: inline;" class="text-muted">#<?php echo(sprintf("%'.05d\n", $tkt["id"])); ?> </span><span><b><?php echo($tkt['title']); ?></b></span>
-                  <p class="m-0"><?php echo($tkt['description']); ?></p>
-                </div>
-                <div class="col-2">
-                  <a class="btn btn-success float-right" href="view?rid=<?php echo($tkt["uuid"]); ?>" role="button">Go</a>
-                </div>
+  <section>
+    <div class="card mx-auto" style="width: 80%;">
+      <div class="card-header">
+        <span class="mdi mdi-ticket-outline"></span> My Open Requests
+      </div>
+      <ul class="list-group list-group-flush">
+        <?php
+          if (count($user_tickets_result) == 0) {
+            echo("<center><b>No open tickets</b></center>");
+          } else {
+            foreach($user_tickets_result as $tkt) {
+        ?>
+        <li class="list-group-item">
+          <div class="container">
+            <div class="row">
+              <div class="col-10">
+                <span style="display: inline;" class="text-muted">#<?php echo(sprintf("%'.05d\n", $tkt["id"])); ?> </span><span><b><?php echo($tkt['title']); ?></b></span>
+                <p class="m-0"><?php echo($tkt['description']); ?></p>
+              </div>
+              <div class="col-2">
+                <a class="btn btn-success float-right" href="view?rid=<?php echo($tkt["uuid"]); ?>" role="button">Go</a>
               </div>
             </div>
-          </li>
-          <?php } } ?>
-        </ul>
-      </div>
-    </section>
+          </div>
+        </li>
+        <?php } } ?>
+      </ul>
+    </div>
+  </section>
 
-    <section style="margin-top: 1%;">
-      <div class="card mx-auto" style="width: 80%;">
-        <div class="card-header">
-          <span class="mdi mdi-rss"></span> My Subscribed Requests
-        </div>
-        <ul class="list-group list-group-flush">
-          <?php
-            // if ($user_tickets_sub == 0) {
-            if (count($sub_tickets_result) == 0) {
-              echo("<center><b>No subscribed tickets</b></center>");
-            } else {
-              foreach($sub_tickets_result as $sub) {
-                $tkt = get_sub_ticket($db, $sub['ticket_uuid']);
-                $tkt_creator = get_user_name($db, $tkt['created_by']);
-          ?>
-          <li class="list-group-item">
-            <div class="container">
-              <div class="row">
-                <div class="col-10">
-                  <span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $tkt["id"]); ?> </span><span><b><?php echo($tkt['title']); ?></b></span> <span style="display: inline;" class="text-muted"><?php echo("(Creator: " . $tkt_creator . ")"); ?></span>
-                  <p class="m-0"><?php echo($tkt['description']); ?></p>
-                </div>
-                <div class="col-2">
-                  <a class="btn btn-success float-right" href="view?rid=<?php echo($tkt["uuid"]); ?>" role="button">Go</a>
-                </div>
+  <section style="margin-top: 1%;">
+    <div class="card mx-auto" style="width: 80%;">
+      <div class="card-header">
+        <span class="mdi mdi-rss"></span> My Subscribed Requests
+      </div>
+      <ul class="list-group list-group-flush">
+        <?php
+          if (count($sub_tickets_result) == 0) {
+            echo("<center><b>No subscribed tickets</b></center>");
+          } else {
+            foreach($sub_tickets_result as $sub) {
+              $tkt = get_sub_ticket($db, $sub['ticket_uuid']);
+              $tkt_creator = get_user_name($db, $tkt['created_by']);
+        ?>
+        <li class="list-group-item">
+          <div class="container">
+            <div class="row">
+              <div class="col-10">
+                <span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $tkt["id"]); ?> </span><span><b><?php echo($tkt['title']); ?></b></span> <span style="display: inline;" class="text-muted"><?php echo("(Creator: " . $tkt_creator . ")"); ?></span>
+                <p class="m-0"><?php echo($tkt['description']); ?></p>
+              </div>
+              <div class="col-2">
+                <a class="btn btn-success float-right" href="view?rid=<?php echo($tkt["uuid"]); ?>" role="button">Go</a>
               </div>
             </div>
-          </li>
-          <?php } } ?>
-        </ul>
-      </div>
-    </section>
-  <?php } ?>
+          </div>
+        </li>
+        <?php } } ?>
+      </ul>
+    </div>
+  </section>
 
 </main>
 
diff --git a/app/public/new.php b/app/public/new.php
index 892dba3..0686777 100644
--- a/app/public/new.php
+++ b/app/public/new.php
@@ -3,10 +3,6 @@
     require_once __DIR__ . "/../includes/prereqs.php";
     require_once __DIR__ . "/../includes/header.php";
 
-    if (!is_signed_in()) {
-      header('Location: /login');
-    }
-
     // If form submitted, save to database
     if($_SERVER['REQUEST_METHOD'] == 'POST') {
       try {
@@ -69,7 +65,7 @@
 
     <section>
       <div class="card mx-auto" style="width: 50%;">
-        <form action="/new" method="post" enctype="multipart/form-data">
+        <form style="padding: 2%" action="/new" method="post" enctype="multipart/form-data">
           <div class="form-group">
             <label for="title">Title: </label>
             <input type="text" class="form-control" id="title">
diff --git a/app/public/open.php b/app/public/open.php
index 84f4c86..4e6f21a 100644
--- a/app/public/open.php
+++ b/app/public/open.php
@@ -2,10 +2,6 @@
     $PAGE_NAME = "Open requests";
     require_once __DIR__ . "/../includes/prereqs.php";
     require_once __DIR__ . "/../includes/header.php";
-
-    if (!is_signed_in()) {
-      header('Location: /login');
-    }
 ?>
 
 
diff --git a/app/public/view.php b/app/public/view.php
index 2300383..a19df54 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -3,42 +3,40 @@
     require_once __DIR__ . "/../includes/prereqs.php";
     require_once __DIR__ . "/../includes/header.php";
 
-    if (is_signed_in()) {
-      // Get ticket
-      try {
-        $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
-        $ticket_sql = $db->prepare($ticket_stmt);
-        $ticket_sql->bindParam(':uuid', $_GET['rid']);
-        $ticket_sql->execute();
-        $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
-        $ticket_result = $ticket_sql->fetchAll();
-        $request = $ticket_result[0];
-      } catch (PDOException $e) {
-        echo("Error: " . $e->getMessage());
-      }
+    // Get ticket
+    try {
+      $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
+      $ticket_sql = $db->prepare($ticket_stmt);
+      $ticket_sql->bindParam(':uuid', $_GET['rid']);
+      $ticket_sql->execute();
+      $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
+      $ticket_result = $ticket_sql->fetchAll();
+      $request = $ticket_result[0];
+    } catch (PDOException $e) {
+      echo("Error: " . $e->getMessage());
+    }
 
-      // Get authorised subscribers
-      try {
-        $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
-        $users_sql = $db->prepare($users_stmt);
-        $users_sql->bindParam(':uuid', $_GET['rid']);
-        $users_sql->execute();
-        $users_sql->setFetchMode(PDO::FETCH_ASSOC);
-        $users_result = $users_sql->fetchAll();
-      } catch (PDOException $e) {
-        echo("Error: " . $e->getMessage());
-      }
+    // Get authorised subscribers
+    try {
+      $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
+      $users_sql = $db->prepare($users_stmt);
+      $users_sql->bindParam(':uuid', $_GET['rid']);
+      $users_sql->execute();
+      $users_sql->setFetchMode(PDO::FETCH_ASSOC);
+      $users_result = $users_sql->fetchAll();
+    } catch (PDOException $e) {
+      echo("Error: " . $e->getMessage());
+    }
 
-      $authorised_users = array();
-      foreach($users_result as $user) {
-        array_push($authorised_users, $user['user_uuid']);
-      }
+    $authorised_users = array();
+    foreach($users_result as $user) {
+      array_push($authorised_users, $user['user_uuid']);
+    }
 
-      if (in_array($_SESSION['uuid'], $authorised_users)) {
-        $is_authorised = true;
-      } else {
-        $is_authorised = false;
-      }
+    if (in_array($_SESSION['uuid'], $authorised_users)) {
+      $is_authorised = true;
+    } else {
+      $is_authorised = false;
     }
 
 ?>
@@ -48,7 +46,7 @@
 <!-- Begin page content -->
 <main role="main" class="flex-shrink-0">
 
-  <?php if (is_signed_in() && $is_authorised == true) { ?>
+  <?php if ($is_authorised == true) { ?>
     <section class="jumbotron text-center">
       <div class="container">
         <h1><?php echo($request['title']); ?></h1>
@@ -64,18 +62,12 @@
         </p>
       </div>
     </section>
-  <?php } else if (is_signed_in() && $is_authorised == false) { ?>
+  <?php } else if ($is_authorised == false) { ?>
     <section class="jumbotron text-center">
       <div class="container">
         <h1>You are not authorised to see this page.</h1>
       </div>
     </section>
-  <?php } else { ?>
-    <section class="jumbotron text-center">
-      <div class="container">
-        <h1>You need to be logged in to see this page.</h1>
-      </div>
-    </section>
   <?php } ?>
 
 </main>