diff options
Diffstat (limited to 'api')
| -rw-r--r-- | api/save.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/api/save.php b/api/save.php index 52cdebe..864f86e 100644 --- a/api/save.php +++ b/api/save.php @@ -1,7 +1,7 @@ <?php -require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.inc"; global $isLoggedIn; -if (!$isLoggedIn) header("Location: /-/login") and die(); +require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.inc"; global $isLoggedIn; global $isLowerLoggedIn; global $app; +if (!$isLoggedIn && !$isLowerLoggedIn) header("Location: /-/login") and die(); $request_raw = file_get_contents('php://input'); $json_object = json_decode($request_raw, true); @@ -20,6 +20,8 @@ if (!isset($member) || trim($member) === "" || strlen($member) !== 5 || !preg_ma if (!isset($subsystem) || trim($subsystem) === "" || !preg_match("/[a-z\d]/i", $subsystem)) if ($subsystem !== null && $subsystem !== "null") header("Location: /?error=Subsystem not found") and die(); +if ($isLowerLoggedIn && $system !== $app["other"]["id"]) die(); + if (!isset($content)) header("Location: /?error=No content") and die(); |