

<?php
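// Start the session exactly once, with cookie flags that keep the session ID
// away from page scripts (httponly), off plaintext transport when the request
// came in over TLS (secure) and out of cross-site POSTs (samesite=Lax).
// Must run before any output is sent, since it emits a Set-Cookie header.
if (session_status() !== PHP_SESSION_ACTIVE) {
    // Mark the cookie Secure only when this request really arrived over HTTPS;
    // on a plain-HTTP deployment a Secure cookie would never be returned and
    // every request would get a fresh session. Only $_SERVER['HTTPS'] is
    // consulted, so behind a TLS-terminating proxy this is false — confirm
    // the deployment sets HTTPS for proxied requests if that applies.
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    // Accept only session IDs this server issued: an unknown ID presented by
    // the client is discarded and a new one generated (session-fixation defence).
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'httponly' => true,
        'secure' => $isHttps,
        'samesite' => 'Lax',
    ]);
    session_start();
}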
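/**
 * Escape a value for interpolation into HTML text or attribute content.
 *
 * ENT_QUOTES encodes both quote styles, so the result is safe inside single-
 * or double-quoted attributes. ENT_SUBSTITUTE replaces invalid UTF-8 sequences
 * with U+FFFD instead of making htmlspecialchars() return an empty string, so
 * malformed input cannot silently blank out a field. HTML context only — not
 * an escape for JavaScript, URL or CSS contexts.
 *
 * @param mixed $value cast with (string); null becomes ''
 */
function e($value): string {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}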
/**
 * Return the per-session CSRF token, minting one on first use.
 *
 * The token is 32 random bytes (64 hex characters) from random_bytes(), stored
 * in $_SESSION['csrf_token'] and reused for the lifetime of the session; a
 * missing or empty() stored value triggers a fresh token.
 */
function getCsrfToken() {
    $token = $_SESSION['csrf_token'] ?? null;
    if (empty($token)) {
        $token = bin2hex(random_bytes(32));
        $_SESSION['csrf_token'] = $token;
    }
    return $token;
}
/**
 * Hidden form field carrying the session's CSRF token.
 *
 * Echo it inside every state-changing <form> so requireCsrfToken() can verify
 * the submission; the token is passed through e() before being placed in the
 * value attribute.
 */
function csrfInput() {
    $token = e(getCsrfToken());
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}
/**
 * Compare a submitted token against the session's token in constant time.
 *
 * Anything that is not a string (missing field, or an array where a string
 * was expected) is rejected before hash_equals() sees it, since hash_equals()
 * only accepts strings. Note that getCsrfToken() mints a token if the session
 * has none yet, so a first-ever request simply fails to match.
 */
function isValidCsrfToken($token) {
    if (!is_string($token)) {
        return false;
    }
    return hash_equals(getCsrfToken(), $token);
}
/**
 * Abort the request with 403 unless a valid CSRF token was supplied.
 *
 * The token is taken from $token when given, otherwise from $_POST['csrf_token'].
 * On success the function simply returns; on failure it sets the status code
 * and exits with a fixed (Polish) message, so nothing after the call runs.
 */
function requireCsrfToken($token = null) {
    $candidate = $token ?? ($_POST['csrf_token'] ?? null);
    if (isValidCsrfToken($candidate)) {
        return;
    }
    http_response_code(403);
    exit('Błąd bezpieczeństwa: nieprawidłowy token formularza.');
}
/**
 * Gate for pages that need a logged-in user.
 *
 * With no user_id in the session the request is redirected to login.php and
 * execution stops; otherwise the function returns and the page continues.
 * Call it before any output, because it sends a Location header.
 */
function checkAuth() {
    if (isset($_SESSION['user_id'])) {
        return;
    }
    header('Location: login.php');
    exit();
}
/**
 * Gate for admin-only pages.
 *
 * Only $_SESSION['role'] is inspected: anything other than the exact string
 * 'admin' (including a missing role) ends the request with 403 and a fixed
 * (Polish) message. It does not check user_id itself; pair with checkAuth()
 * where a logged-in user is also required.
 */
function checkAdmin() {
    $role = $_SESSION['role'] ?? null;
    if ($role === 'admin') {
        return;
    }
    http_response_code(403);
    exit('Błąd: Brak uprawnień administratora.');
}
?>