alpinux-portail/web/inc/auth.php

<?php
require_once __DIR__ . '/config.php';

function session_start_safe(): void {
    if (session_status() === PHP_SESSION_NONE) {
        session_name('portail_sess');
        session_set_cookie_params([
            'lifetime' => 0,
            'path'     => '/',
            'secure'   => true,
            'httponly' => true,
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

function current_user(): ?array {
    session_start_safe();
    return $_SESSION['user'] ?? null;
}

function require_login(): void {
    $user = current_user();
    if (!$user) {
        $_SESSION['next_url'] = (isset($_SERVER['HTTPS']) ? 'https' : 'http')
            . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        header('Location: /auth/login.php');
        exit;
    }
}

function require_admin(): void {
    require_login();
    $user = current_user();
    if (!($user['is_admin'] ?? false)) {
        http_response_code(403);
        require __DIR__ . '/../views/403.php';
        exit;
    }
}

function is_adherent(): bool {
    $user = current_user();
    return $user ? (bool)($user['is_adherent'] ?? false) : false;
}

function set_flash(string $type, string $message): void {
    session_start_safe();
    $_SESSION['flash'] = ['type' => $type, 'message' => $message];
}

function get_flash(): ?array {
    session_start_safe();
    $flash = $_SESSION['flash'] ?? null;
    unset($_SESSION['flash']);
    return $flash;
}