Phase A — HTML removed from PHP files: - RateLimitMiddleware.php: heredoc moved to views/errors/429.php - public/index.php: inline HTML replaced with View::error() - AuthMiddleware.php: <script> redirect replaced with <meta refresh> Phase B — Inline CSS/JS extracted from views: - CSS: landing.css (459 lines), legal.css (shared by terms+privacy) - JS: 17 new files extracted from ~20 view files - main.js (layout sidebar + notifications) - dashboard-chart.js, server-show.js, server-services.js - nginx-manager.js, database-manager.js - terminal.js, team-show.js, team-index.js - server-list.js, server-permissions.js (shared by edit+create) - server-ssl.js, server-processes.js, system-users.js - admin-users.js, audit-log.js, admin-notifications.js, admin-security.js - notifications.js Total: -3264 lines from views, +288 lines in new assets
37 lines
904 B
PHP
Executable File
37 lines
904 B
PHP
Executable File
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace ServerManager\Middleware;
|
|
|
|
use ServerManager\Core\Session;
|
|
|
|
class AuthMiddleware
|
|
{
|
|
public function handle(): mixed
|
|
{
|
|
if (!Session::has('user_id')) {
|
|
Session::setFlash('error', 'You must be logged in to access this page.');
|
|
$this->redirect('/login');
|
|
}
|
|
|
|
if (Session::get('session_expiry') && time() > Session::get('session_expiry')) {
|
|
Session::destroy();
|
|
Session::setFlash('error', 'Your session has expired. Please log in again.');
|
|
$this->redirect('/login');
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
private function redirect(string $url): never
|
|
{
|
|
if (!headers_sent()) {
|
|
header("Location: {$url}");
|
|
} else {
|
|
echo '<meta http-equiv="refresh" content="0;url=' . htmlspecialchars($url) . '">';
|
|
}
|
|
exit;
|
|
}
|
|
}
|