demo restrictions

[syp.git] / api.php

diff --git a/api.php b/api.php
index e74f3b46ff1e0d873f486053ae8f47f0aa157bbb..7895dadec249500bbd5cea178bd76c3421bdc5d4 100644 (file)
--- a/api.php
+++ b/api.php
@@ -255,6 +255,7 @@ function main ($con) {
             if ($_POST ["keep_img"] == "yes") {
                 $imgpath = $feature->imgpath;
             } else {
+                error_request ();
                 $imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
             }
 
@@ -295,6 +296,7 @@ function main ($con) {
             success_feature ($new_feature, "update");
         break;
         case "add":
+            error_request ();
             $imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
 
             $lon = $_POST ["lon"];
@@ -314,6 +316,7 @@ function main ($con) {
             success_feature ($feature, "add");
         break;
         case "del":
+            error_request ();
             $id = $_POST ["fid"];
             $feature = $con->getfeature ($id);
             if (!isset ($feature)) {
@@ -336,6 +339,7 @@ function main ($con) {
 
             success_delete_feature ($feature);
         case "changepass":
+            error_request ();
             $currpass = unquote ($_POST ["pass_current"]);
             if (!$con->checkpwdmd5 ($user, md5 ($currpass))) {
                 error_wrongpass ();
@@ -353,6 +357,7 @@ function main ($con) {
             success_changepass ($user);
         break;
         case "newuser":
+            error_request ();
             if ($user != "admin") {
                 error_unauthorized ();
             }