prevent setting session cookie when user not logged in and tt-rss.php/prefs.php is requested

functions.php

@@ -839,6 +839,17 @@
 		return true;
 	}
 
+	function basic_nosid_redirect_check() {
+		if (!SINGLE_USER_MODE) {
+			if (!$_COOKIE["ttrss_sid"]) {
+				$redirect_uri = get_login_redirect();
+				$return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]);
+				header("Location: $redirect_uri?rt=$return_to");
+				exit;
+			}
+		}
+	}
+
 	function login_sequence($link) {
 		if (!SINGLE_USER_MODE) {
 

prefs.php

@@ -1,11 +1,14 @@
 <?
+	require_once "functions.php"; 
+
+	basic_nosid_redirect_check();
+
 	require_once "sessions.php";
 
 	require_once "sanity_check.php";
 	require_once "version.php"; 
 	require_once "config.php";
 	require_once "db-prefs.php";
-	require_once "functions.php"; 
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
 

tt-rss.php

@@ -1,11 +1,14 @@
 <?
+	require_once "functions.php"; 
+
+	basic_nosid_redirect_check();
+
 	require_once "sessions.php";
 
 	require_once "sanity_check.php";
 	require_once "version.php"; 
 	require_once "config.php";
 	require_once "db-prefs.php";
-	require_once "functions.php"; 
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);