check authentication when uploading files

evo42 · May 21, 2013 · 47f7a91 · 47f7a91
1 parent 58ec2d8
commit 47f7a91
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/runty/app/upload.aloha.php b/runty/app/upload.aloha.php
@@ -1,4 +1,15 @@
 <?php 
+require_once 'core.php';
+
+if (isset($_SESSION['user']->role)) {
+    if ($_SESSION['user']->role != 'admin' || $_SESSION['user']->role != 'editor') {
+	    echo json_encode('Runty: User not authenticated.')
+        die();
+    }
+} else {
+    echo json_encode('Runty: User not authenticated.')
+    die();
+}
 
 /**
  * Easy example script to store uploaded files

diff --git a/runty/app/upload.php b/runty/app/upload.php
@@ -1,6 +1,15 @@
 <?php 
+require_once 'core.php';
 
-//include_once './vendor/Markdown.php';
+if (isset($_SESSION['user']->role)) {
+    if ($_SESSION['user']->role != 'admin' || $_SESSION['user']->role != 'editor') {
+	    echo json_encode('Runty: User not authenticated.')
+        die();
+    }
+} else {
+    echo json_encode('Runty: User not authenticated.')
+    die();
+}
 
 spl_autoload_register(function($class){
 	require './vendor/'.preg_replace('{\\\\|_(?!.*\\\\)}', DIRECTORY_SEPARATOR, ltrim($class, '\\')).'.php';