Protect admin pages
Change-Id: I09e77bf11424c7dbad22f925f2563138a5f9c563
diff --git a/admin/createtable.php b/admin/createtable.php
index 971499b..07ad979 100644
--- a/admin/createtable.php
+++ b/admin/createtable.php
@@ -1,6 +1,11 @@
<?php
require '../credentials.php';
require '../php/utils.php';
+
+ $credentials = new Credentials();
+ if ($credentials->adminToken != ($_GET["token"] ?? "")) {
+ exit();
+ }
$dbname = $_GET['dbname'];
$mortsname = $dbname . "_morts";
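Review bot: The guard `if ($credentials->adminToken != ($_GET["token"] ?? ""))` compares with loose `!=`, which can treat numeric-looking strings as equal and is not constant-time. It also lets the request through when `adminToken` is empty or unset and no token is sent, because both sides are then `""`. `Credentials` is defined outside this diff, so the type of `adminToken` should be confirmed. Assuming it is a string, I would write `$token = $_GET['token'] ?? '';` followed by `if (!is_string($token) || $credentials->adminToken === '' || !hash_equals($credentials->adminToken, $token)) { http_response_code(403); exit(); }`. The same check with `$_POST["token"]` in the admin/insert.php hunk needs the same change; both scripts continue past their hunks.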
diff --git a/admin/index.php b/admin/index.php
index 9253f8f..bf6078c 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -1,6 +1,7 @@
<h1>Crea nova taula</h1>
<form action="createtable.php" method="GET">
<label>Crear taula: <input type="text" name="dbname" placeholder="Nom de la base de dades" /></label>
+ <input type="password" name="token" placeholder="Token">
<input type="submit" />
</form>
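Review bot: The new token field sits in a form declared with `method="GET"`, so the admin token is sent in the query string of createtable.php. There it ends up in web server access logs, browser history and possibly `Referer` headers. Since creating a table is also a state-changing request, I would switch the form to `<form action="createtable.php" method="POST">` and read `$_POST['token']` and `$_POST['dbname']` in createtable.php.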
@@ -8,5 +9,6 @@
<form action="insert.php" method="POST" enctype="multipart/form-data">
<label>Insert CSV: <input type="file" name="csvname" /></label>
<input type="text" name="dbname" placeholder="Nom de la base de dades" value="<?=isset($_GET['dbname']) ? $_GET['dbname'] : ''?>" />
+ <input type="password" name="token" placeholder="Token">
<input type="submit" />
</form>
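Review bot: The `dbname` input in this form prints `$_GET['dbname']` into its `value` attribute without escaping, and the form now also holds the admin token field. Markup injected through that parameter would run on the page where the token is typed. The line is unchanged context, but it is worth fixing in the same commit: `value="<?= htmlspecialchars($_GET['dbname'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`.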
diff --git a/admin/insert.php b/admin/insert.php
index 883ca8a..9f5abb2 100644
--- a/admin/insert.php
+++ b/admin/insert.php
@@ -1,7 +1,12 @@
<?php
require '../credentials.php';
require '../php/utils.php';
-
+
+ $credentials = new Credentials();
+ if ($credentials->adminToken != ($_POST["token"] ?? "")) {
+ exit();
+ }
+
$csvname = $_FILES['csvname']['tmp_name'];
$dbname = $_POST['dbname'];