X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=api.php;h=7895dadec249500bbd5cea178bd76c3421bdc5d4;hp=ac49d76665ca7cec11da77cad84d1b03c3bc3181;hb=a42abf4f24b4ba9fc5ad84b39c74e1b7a446934e;hpb=622411c971955d02eb265498250c683b6f28a154 diff --git a/api.php b/api.php index ac49d76..7895dad 100644 --- a/api.php +++ b/api.php @@ -255,6 +255,7 @@ function main ($con) { if ($_POST ["keep_img"] == "yes") { $imgpath = $feature->imgpath; } else { + error_request (); $imgpath = save_uploaded_file ($_FILES ["image_file"], $con); } @@ -295,6 +296,7 @@ function main ($con) { success_feature ($new_feature, "update"); break; case "add": + error_request (); $imgpath = save_uploaded_file ($_FILES ["image_file"], $con); $lon = $_POST ["lon"]; @@ -314,6 +316,7 @@ function main ($con) { success_feature ($feature, "add"); break; case "del": + error_request (); $id = $_POST ["fid"]; $feature = $con->getfeature ($id); if (!isset ($feature)) { @@ -336,6 +339,7 @@ function main ($con) { success_delete_feature ($feature); case "changepass": + error_request (); $currpass = unquote ($_POST ["pass_current"]); if (!$con->checkpwdmd5 ($user, md5 ($currpass))) { error_wrongpass (); @@ -344,12 +348,16 @@ function main ($con) { try { $con->setpwd ($user, $newpass); } catch (Exception $e) { + if ($e->getMessage () == anydbConnection::err_query) { + error_request (); + } error_server (); } setcookies ($user, $newpass); success_changepass ($user); break; case "newuser": + error_request (); if ($user != "admin") { error_unauthorized (); } @@ -364,6 +372,9 @@ function main ($con) { try { $con->setpwd ($newuser_name, $newuser_password); } catch (Exception $e) { + if ($e->getMessage () == anydbConnection::err_query) { + error_request (); + } error_server (); } success_newuser ($newuser_name);