author | Andrew Dolgov <[email protected]> | 2017-06-29 13:04:54 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2017-06-29 13:04:54 +0300 |
commit | b54a6d3e68c97c73af4d5e1a6288e8b257cbd517 (patch) | |
tree | 5b33a3b88e7a1abb68949f1111f2753b5719fd21 /backend.php | |
parent | 131e407e1bdbc6fd9e51d8bf695610d5676e6f66 (diff) |
don't start sessions needlessly
Diffstat (limited to 'backend.php')
-rw-r--r-- | backend.php | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/backend.php b/backend.php
index 018c0e8..7cd15bb 100644
--- a/backend.php
+++ b/backend.php
@@ -1,11 +1,20 @@
 <?php
 require_once "config.php";
- require_once "sessions.php";
- require_once "db.php";
 header("Content-type: text/json");
+ // let's not start a session if there's no cookie, login is impossible
+ // via backend anyway
+ if (!isset($_COOKIE['epube_sid'])) {
+ header($_SERVER["SERVER_PROTOCOL"]." 402 Unauthorized");
+ echo "Unauthorized";
+ die;
+ }
+
+ require_once "sessions.php";
+ require_once "db.php";
+
 @$owner = SQLite3::escapeString($_SESSION["owner"]);
 if (!$owner) { |
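Review bot: The new early-exit branch sends the status line `402 Unauthorized`, but 402 is "Payment Required"; the code matching the reason phrase is 401, so the line should read `header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized");` (or `http_response_code(401);`), otherwise clients and monitoring that key on the status code will misclassify unauthenticated requests. The `isset($_COOKIE['epube_sid'])` test only avoids creating a session; any cookie value passes it, so the `$_SESSION["owner"]` check that follows remains the real authorization gate, and the comment should say so, e.g. `// cookie presence is not authentication; $owner below is the actual check`. The plain-text body `Unauthorized` is also sent after `Content-type: text/json` has been set, so a JSON error body or a different content type for this branch would be more consistent. The `if (!$owner)` block continues outside the hunk.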