API filter per user level

2017-02-01 11:38:43 +01:00
parent 028c2373c1
commit e414a1633e
18 changed files with 309 additions and 268 deletions
--- a/website/public/API/loadPost.php
+++ b/website/public/API/loadPost.php
@@ -5,8 +5,15 @@ require_once("../../queries/post.php");
 require_once("../../queries/checkInput.php");
 require_once("../../queries/nicetime.php");

-if(isset($_GET['postID'])) {
-    include("../../views/post-view.php");
+require_once("../../queries/user.php");
+
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    if (isset($_GET['postID'])) {
+        include("../../views/post-view.php");
+    } else {
+        echo "Kan de post niet laden";
+    }
 } else {
-    echo "Failed to load";
+    header('HTTP/1.0 403 Forbidden');
 }