Don't allow people who don't own a project to update it

This commit is contained in:
Markus Wang Halvorsen 2018-02-26 16:26:10 +01:00
parent e60195d431
commit 9fec2d56f4
1 changed files with 9 additions and 0 deletions

View File

@ -44,6 +44,15 @@ if($id == 0){
$statement->execute();
}else{
$projectManager = new \pvv\side\ProjectManager($pdo);
$owner = $projectManager->getProjectOwner($id);
if($uname != $owner['uname']){
header('Content-Type: text/plain', true, 403);
echo "Not project owner for project with ID " . $id . "\r\n";
exit();
}
$query = 'UPDATE projects SET name=:title, description=:desc WHERE id=:id';
$statement = $pdo->prepare($query);