From 224025650ac0f4be5ea814ee4aaf2c6d0b070d7e Mon Sep 17 00:00:00 2001
From: zhaoxuan <zhaoxuan1727@gmail.com>
Date: Wed, 15 Nov 2017 10:48:29 +0800
Subject: [PATCH] add api validation

---
 php/index.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/php/index.php b/php/index.php
index 174c6ef..b3a6429 100755
--- a/php/index.php
+++ b/php/index.php
@@ -60,8 +60,11 @@ if (!empty($fn)) {
 	}
 
 	// Check if user is logged
-	if ((isset($_SESSION['login'])&&$_SESSION['login']===true)&&
-		(isset($_SESSION['identifier'])&&$_SESSION['identifier']===Settings::get()['identifier'])) {
+	$status = (isset($_SESSION['login'])&&$_SESSION['login']===true)&&
+		(isset($_SESSION['identifier'])&&$_SESSION['identifier']===Settings::get()['identifier']);
+
+	// Use identifier to access api
+	if ($status || ($_POST['identifier']===Settings::get()['identifier'])) {
 
 		/**
 		 * Admin Access