* Firmed up the login/logout process

[citadel.git] / ctdlphp / ctdlheader.php

diff --git a/ctdlphp/ctdlheader.php b/ctdlphp/ctdlheader.php
index 2bf55be696a76b0ecc30a164290c40aa80a932ea..48ca29c559ffb13e92957e616ae364289b2d8a9b 100644 (file)
--- a/ctdlphp/ctdlheader.php
+++ b/ctdlphp/ctdlheader.php
@@ -15,12 +15,27 @@ include "ctdlprotocol.php";
 function bbs_page_header() {
        global $session;
 
-       if(strcmp('4.3.0', phpversion()) > 0) {
+       if (strcmp('4.3.0', phpversion()) > 0) {
                die("This program requires PHP 4.3.0 or newer.");
        }
 
        establish_citadel_session();
 
+       // If the user is trying to call up any page other than
+       // login.php logout.php do_login.php,
+       // and the session is not logged in, redirect to login.php
+       //
+       if ($_SESSION["logged_in"] != 1) {
+               $filename = basename(getenv('SCRIPT_NAME'));
+               if (    (strcmp($filename, "login.php"))
+                  &&   (strcmp($filename, "logout.php"))
+                  &&   (strcmp($filename, "do_login.php"))
+               ) {
+                       header("Location: login.php");
+                       exit(0);
+               }
+       }
+
        echo <<<LITERAL
 
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">