From ec31b1df618f381e85a30aec05bd4672b11229b2 Mon Sep 17 00:00:00 2001
From: Noah <noah.roy28@yahoo.com>
Date: Fri, 5 Jun 2026 09:51:02 +0200
Subject: [PATCH] Refactor session management and navigation in index and
 header files; add auth utilities for user role verification

---
 controllers/auth_utilities.php | 19 +++++++++++++++
 index.php                      |  2 +-
 views/header.php               | 42 +++++++++++++++-------------------
 3 files changed, 39 insertions(+), 24 deletions(-)
 create mode 100644 controllers/auth_utilities.php

diff --git a/controllers/auth_utilities.php b/controllers/auth_utilities.php
new file mode 100644
index 0000000..3ac21ab
--- /dev/null
+++ b/controllers/auth_utilities.php
@@ -0,0 +1,19 @@
+<?php
+
+// Vérifie si l'utilisateur est connecté
+function is_logged() {
+    return isset($_SESSION['login']);
+}
+
+// Vérifie si l'utilisateur a un rôle spécifique
+function has_role(string $role) {
+    return isset($_SESSION['role']) && $_SESSION['role'] == $role;
+}
+
+// Redirige vers l'authentification si l'utilisateur n'a pas les droits
+function verify_grants(string $route, string $role = '') {
+    if (!has_role($role) && !($role == '' && is_logged())) {
+        header('Location: index.php?route=auth&ask=' . $route);
+        exit;
+    }
+}
diff --git a/index.php b/index.php
index b925291..a5b27ee 100644
--- a/index.php
+++ b/index.php
@@ -8,7 +8,7 @@
     //Loads some functions for session managment and starts the session
     require('controllers/auth_utilities.php');
     session_start();
-    var_dump($_SESSION);
+    //var_dump($_SESSION);
     
     //Erreurs à afficher SEULEMENT en phase de développement !
     error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED);
diff --git a/views/header.php b/views/header.php
index aae4a38..584764f 100644
--- a/views/header.php
+++ b/views/header.php
@@ -1,34 +1,30 @@
 <?php
 //session_start();
 
-// Liens de navigation (conditionnels selon session et rôle)
+// --- NAVIGATION STATIQUE (auth commentée en attendant le système de connexion) ---
 $nav = '<li><a href="index.php">Accueil</a></li>';
 
-if (is_logged()) {
-    $nav .= '<li><a href="index.php?route=planning">Planning</a></li>';
-    $nav .= '<li><a href="index.php?route=sauveteurs">Sauveteurs</a></li>';
-}
-if (has_role('gestionnaire') || has_role('administration')) {
-    $nav .= '<li><a href="index.php?route=gestion">Gestion</a></li>';
-}
-if (has_role('administration')) {
-    $nav .= '<li><a href="index.php?route=admin">Admin</a></li>';
-}
+// À DÉCOMMENTER quand auth_utilities.php sera chargé :
+// $nav .= '<li><a href="index.php?route=planning">Planning</a></li>';
+// $nav .= '<li><a href="index.php?route=sauveteurs">Sauveteurs</a></li>';
+// $nav .= '<li><a href="index.php?route=gestion">Gestion</a></li>';
+// $nav .= '<li><a href="index.php?route=admin">Admin</a></li>';
 
-if (is_logged()) {
-    $nav .= '<li><a href="index.php?route=logout" class="nav-right">Déconnexion</a></li>';
-    $session = 'Connecté : ' . htmlentities($_SESSION['login']) . ' (' . ($_SESSION['role'] ?: 'lecture') . ')';
-} else {
-    $nav .= '<li><a href="index.php?route=auth" class="nav-right">Connexion</a></li>';
-    $session = 'Non connecté';
-}
+$nav .= '<li><a href="index.php?route=planning">Planning</a></li>';
+$nav .= '<li><a href="index.php?route=sauveteurs">Sauveteurs</a></li>';
+$nav .= '<li><a href="index.php?route=gestion">Gestion</a></li>';
+$nav .= '<li><a href="index.php?route=admin">Admin</a></li>';
+
+$nav .= '<li><a href="index.php?route=auth" class="nav-right">Connexion</a></li>';
+
+// $session = 'Connecté : ' . htmlentities($_SESSION['login']) . ' (' . ($_SESSION['role'] ?: 'lecture') . ')';
+$session = 'Non connecté';
 
-// Notification flash
 $notif = '';
-if (!empty($_SESSION['notification'])) {
-    $notif = '<div id="notification">' . htmlentities($_SESSION['notification']) . '</div>';
-    unset($_SESSION['notification']);
-}
+// if (!empty($_SESSION['notification'])) {
+//     $notif = '<div id="notification">' . htmlentities($_SESSION['notification']) . '</div>';
+//     unset($_SESSION['notification']);
+// }
 ?>
 <!DOCTYPE html>
 <html lang="fr">