wsj-filenaming/auth.php

<?php
require_once __DIR__ . '/config.php';

if (session_status() === PHP_SESSION_NONE) {
    ini_set('session.cookie_httponly', 1);
    ini_set('session.cookie_samesite', 'Lax');
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
        ini_set('session.cookie_secure', 1);
    }
    session_start();
}

function getSafeUser(string $email): string {
    return str_replace(['@', '.'], ['_at_', '_dot_'], $email);
}

function getUserDataFile(string $email): string {
    return 'data_' . getSafeUser($email) . '.json';
}

function requireAuth(): void {
    global $CURRENT_USER;

    if (!empty($_SESSION['user_email'])) {
        $CURRENT_USER = $_SESSION['user_email'];
        return;
    }

    // No session — show auth gate and stop execution
    include __DIR__ . '/auth_gate.php';
    exit;
}
?>