User authentication mechanism

1 files changed, 37 insertions, 0 deletions

diff --git a/login-ajax.php b/login-ajax.php
new file mode 100644
index 0000000..f8e1424
--- /dev/null
+++ b/login-ajax.php
@@ -0,0 +1,37 @@
+<?php
+/**
+ * Check if the user is logged in
+ * 
+ * This file should be required by all sensitive PHP scripts. It verifies that
+ * the client has been logged in, and if not, displays a login page.
+ *
+ * This file is only for files that are called through Ajax, and need a json
+ * response. For other files, there is login.php.
+ * 
+ * @author Camil Staps
+ *
+ * BusinessAdmin: administrative software for small companies
+ * Copyright (C) 2015 Camil Staps (ViviSoft)
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+require_once('./conf.php');
+
+if (!isset($_SESSION['login']) || $_SESSION['login'] === false) {
+	print(json_encode(['error' => 'You need to be logged in.']));
+	die();
+}
+
+$_user = new user($_pdo, $_SESSION['login']);