From 627fd8ac7b8e13eac4977c0da68619c1b12eff9e Mon Sep 17 00:00:00 2001
From: ENGO150 <v.smejkal06@gmail.com>
Date: Mon, 20 May 2024 20:03:59 +0200
Subject: [PATCH] secured list_table

---
 res/forum/list_table.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/res/forum/list_table.php b/res/forum/list_table.php
index e769823..287b899 100644
--- a/res/forum/list_table.php
+++ b/res/forum/list_table.php
@@ -1,6 +1,20 @@
 <?php
 
 include("../global.php");
+session_start();
+
+if (!isset($_SESSION["username"])) goto fail;
+
+$out = $database -> query("SELECT username, admin FROM user WHERE username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+
+if ($out -> num_rows != 1)
+{
+    fail:
+    echo "nope";
+    header("Location: ../../index.php");
+    return;
+}
+
 
 $out = $database -> query("SELECT username FROM user ORDER BY id ASC");