From 7ae65adfc5dc8254bb2749af1f4e0ccc418406ec Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.spb.ru>
Date: Thu, 16 Mar 2006 11:57:22 +0100
Subject: prevent setting session cookie when user not logged in and
 tt-rss.php/prefs.php is requested

---
 functions.php | 11 +++++++++++
 prefs.php     |  5 ++++-
 tt-rss.php    |  5 ++++-
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/functions.php b/functions.php
index a7a17f9b5..18546ca18 100644
--- a/functions.php
+++ b/functions.php
@@ -839,6 +839,17 @@
 		return true;
 	}
 
+	function basic_nosid_redirect_check() {
+		if (!SINGLE_USER_MODE) {
+			if (!$_COOKIE["ttrss_sid"]) {
+				$redirect_uri = get_login_redirect();
+				$return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]);
+				header("Location: $redirect_uri?rt=$return_to");
+				exit;
+			}
+		}
+	}
+
 	function login_sequence($link) {
 		if (!SINGLE_USER_MODE) {
 
diff --git a/prefs.php b/prefs.php
index 7dd81e2bf..639f5d86e 100644
--- a/prefs.php
+++ b/prefs.php
@@ -1,11 +1,14 @@
 <?
+	require_once "functions.php"; 
+
+	basic_nosid_redirect_check();
+
 	require_once "sessions.php";
 
 	require_once "sanity_check.php";
 	require_once "version.php"; 
 	require_once "config.php";
 	require_once "db-prefs.php";
-	require_once "functions.php"; 
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
 
diff --git a/tt-rss.php b/tt-rss.php
index 9d125614d..e22d8408a 100644
--- a/tt-rss.php
+++ b/tt-rss.php
@@ -1,11 +1,14 @@
 <?
+	require_once "functions.php"; 
+
+	basic_nosid_redirect_check();
+
 	require_once "sessions.php";
 
 	require_once "sanity_check.php";
 	require_once "version.php"; 
 	require_once "config.php";
 	require_once "db-prefs.php";
-	require_once "functions.php"; 
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
 
-- 
cgit v1.2.3