added authentication among other things. considered working at this point.

handlers/ticket_handler.go

@@ -2,21 +2,29 @@ package handlers
 
 import (
 	"database/sql"
+	"html/template"
 	"log"
 	"net/http"
-
 	"synlotto-website/helpers"
 	"synlotto-website/models"
 	"synlotto-website/storage"
+
+	"github.com/gorilla/csrf"
 )
 
 func NewTicket(db *sql.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		log.Println("➡️ New ticket form opened")
 
-		err := Tmpl.ExecuteTemplate(w, "new_ticket", map[string]interface{}{
-			"Page": "new_ticket",
-			"Data": nil,
+		tmpl := template.Must(template.ParseFiles(
+			"templates/layout.html",
+			"templates/new_ticket.html",
+		))
+
+		err := tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
+			"csrfField": csrf.TemplateField(r),
+			"Page":      "new_ticket",
+			"Data":      nil,
 		})
 		if err != nil {
 			log.Println("❌ Template error:", err)
@@ -27,6 +35,10 @@ func NewTicket(db *sql.DB) http.HandlerFunc {
 
 func SubmitTicket(db *sql.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
+		if _, ok := GetCurrentUserID(r); !ok {
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			return
+		}
 		ticket := models.MyTicket{
 			GameType: r.FormValue("game_type"),
 			DrawDate: r.FormValue("draw_date"),
@@ -53,6 +65,11 @@ func ListTickets(db *sql.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		log.Println("📋 Tickets page hit")
 
+		tmpl := template.Must(template.ParseFiles(
+			"templates/layout.html",
+			"templates/tickets.html",
+		))
+
 		rows, err := db.Query(`
 			SELECT id, game_type, draw_date, ball1, ball2, ball3, ball4, ball5, bonus1, bonus2, duplicate
 			FROM my_tickets
@@ -80,7 +97,7 @@ func ListTickets(db *sql.DB) http.HandlerFunc {
 			tickets = append(tickets, t)
 		}
 
-		err = Tmpl.ExecuteTemplate(w, "tickets", map[string]any{
+		err = tmpl.ExecuteTemplate(w, "layout", map[string]any{
 			"Page": "tickets",
 			"Data": tickets,
 		})