From 6a82f78dcc381c191dab5c4fe63d12096d596e41 Mon Sep 17 00:00:00 2001
From: Christian Weiske <cweiske@cweiske.de>
Date: Thu, 27 Sep 2012 20:43:22 +0200
Subject: do not allow to change profile details, only show them

---
 www/user.php | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

(limited to 'www/user.php')

diff --git a/www/user.php b/www/user.php
index 8b86a50..364981c 100644
--- a/www/user.php
+++ b/www/user.php
@@ -5,13 +5,8 @@
 namespace phorkie;
 $reqWritePermissions = true;
 require_once 'www-header.php';
-
-if (isset($_POST['name'])) {
-    $_SESSION['name'] = substr(filter_var($_POST['name'], FILTER_SANITIZE_STRING), 0, 35);
-}
-
-if (isset($_POST['email'])) {
-    $_SESSION['email'] = substr(filter_var($_POST['email'], FILTER_SANITIZE_EMAIL), 0, 35);
+if (!isset($_SESSION['identity'])) {
+    require 'forbidden.php';
 }
 
 render(
-- 
cgit v1.2.3