From 5f9e78cf4a9759928b285384e69a01761c28befc Mon Sep 17 00:00:00 2001 From: flashwave Date: Fri, 9 Dec 2016 19:11:31 +0100 Subject: [PATCH] prevent logged out users from access settings --- app/Controllers/Settings/AccountController.php | 1 - app/Controllers/Settings/Controller.php | 5 +++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/app/Controllers/Settings/AccountController.php b/app/Controllers/Settings/AccountController.php index 5f7758a..0acc433 100644 --- a/app/Controllers/Settings/AccountController.php +++ b/app/Controllers/Settings/AccountController.php @@ -245,7 +245,6 @@ class AccountController extends Controller ]; if (session_check() && $rank && $mode) { - // Check if user has this rank if (!CurrentSession::$user->hasRanks([$rank])) { return $this->json(['error' => "You aren't a part of this rank!"]); } diff --git a/app/Controllers/Settings/Controller.php b/app/Controllers/Settings/Controller.php index c1319aa..cf4c2b9 100644 --- a/app/Controllers/Settings/Controller.php +++ b/app/Controllers/Settings/Controller.php @@ -6,6 +6,7 @@ namespace Sakura\Controllers\Settings; +use Phroute\Phroute\Exception\HttpMethodNotAllowedException; use Sakura\Controllers\Controller as BaseController; use Sakura\CurrentSession; use Sakura\Template; @@ -22,6 +23,10 @@ class Controller extends BaseController */ public function __construct() { + if (!CurrentSession::$user->activated) { + throw new HttpMethodNotAllowedException; + } + Template::vars(['navigation' => $this->navigation()]); }
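Review bot: `HttpMethodNotAllowedException`, imported in the `@@ -6,6 +6,7 @@` hunk of `Settings/Controller.php`, is used by the constructor guard to reject an access failure, but its name describes a wrong HTTP method (405), not a missing login. If the router turns it into a 405 response, as the name suggests, denied settings requests will show up in logs and monitoring as method errors rather than as 401/403, which makes unauthorised-access attempts harder to spot. Consider throwing an exception that maps to 401/403, or redirecting to the login page. A short comment at the throw site stating which response the visitor receives would also help.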
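Review bot: The guard added to `__construct()` in the `@@ -22,6 +23,10 @@` hunk tests `CurrentSession::$user->activated`, an account-state flag, while the commit title is about logged-out users and `AccountController` in this same patch tests login with `session_check()`. Whether a logged-out visitor always gets a user object with `activated` false is not visible here; if that holds, say so in a comment above the check, otherwise make the login test explicit, e.g. `if (!session_check() || !CurrentSession::$user->activated) {`. Because the check lives in the base constructor, any settings controller that defines its own constructor without calling `parent::__construct()` would skip it, so that is worth confirming for the subclasses. The class body continues outside the hunk.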