From 5f9e78cf4a9759928b285384e69a01761c28befc Mon Sep 17 00:00:00 2001
From: flashwave <me@flash.moe>
Date: Fri, 9 Dec 2016 19:11:31 +0100
Subject: [PATCH] prevent logged out users from access settings

---
 app/Controllers/Settings/AccountController.php | 1 -
 app/Controllers/Settings/Controller.php        | 5 +++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/Controllers/Settings/AccountController.php b/app/Controllers/Settings/AccountController.php
index 5f7758a..0acc433 100644
--- a/app/Controllers/Settings/AccountController.php
+++ b/app/Controllers/Settings/AccountController.php
@@ -245,7 +245,6 @@ class AccountController extends Controller
         ];
 
         if (session_check() && $rank && $mode) {
-            // Check if user has this rank
             if (!CurrentSession::$user->hasRanks([$rank])) {
                 return $this->json(['error' => "You aren't a part of this rank!"]);
             }
diff --git a/app/Controllers/Settings/Controller.php b/app/Controllers/Settings/Controller.php
index c1319aa..cf4c2b9 100644
--- a/app/Controllers/Settings/Controller.php
+++ b/app/Controllers/Settings/Controller.php
@@ -6,6 +6,7 @@
 
 namespace Sakura\Controllers\Settings;
 
+use Phroute\Phroute\Exception\HttpMethodNotAllowedException;
 use Sakura\Controllers\Controller as BaseController;
 use Sakura\CurrentSession;
 use Sakura\Template;
@@ -22,6 +23,10 @@ class Controller extends BaseController
      */
     public function __construct()
     {
+        if (!CurrentSession::$user->activated) {
+            throw new HttpMethodNotAllowedException;
+        }
+
         Template::vars(['navigation' => $this->navigation()]);
     }