From 77117171c6e68e229b83f2db71f41c206ec0da0c Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Wed, 28 Jun 2017 13:40:35 +0300
Subject: backend: check for session first, then open DB

---
 backend.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/backend.php b/backend.php
index 4ab000d..018c0e8 100644
--- a/backend.php
+++ b/backend.php
@@ -4,13 +4,9 @@
 	require_once "sessions.php";
 	require_once "db.php";
 
-	$ldb = Db::get();
-
-	$op = $_REQUEST["op"];
-
 	header("Content-type: text/json");
 
-	$owner = SQLite3::escapeString($_SESSION["owner"]);
+	@$owner = SQLite3::escapeString($_SESSION["owner"]);
 
 	if (!$owner) {
 		header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized");
@@ -18,6 +14,10 @@
 		die;
 	}
 
+	$op = $_REQUEST["op"];
+
+	$ldb = Db::get();
+
 	ob_start("ob_gzhandler");
 
 	switch ($op) {
-- 
cgit v1.2.3