From a2f29c67a41ca98c6e0f947fb7b3203a4c67044c Mon Sep 17 00:00:00 2001
From: phl0 <github@florian-wolters.de>
Date: Tue, 2 May 2023 08:04:21 +0200
Subject: [PATCH] If no API key is supplied we should check for a valid session
 and otherwise just redirect to login.

---
 application/controllers/Backup.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/application/controllers/Backup.php b/application/controllers/Backup.php
index e73306f7..ba6f928a 100644
--- a/application/controllers/Backup.php
+++ b/application/controllers/Backup.php
@@ -21,6 +21,11 @@ class Backup extends CI_Controller {
 
 	/* Gets all QSOs and Dumps them to logbook.adi */
 	public function adif($key = null){ 
+		if ($key == null) {
+			$this->load->model('user_model');
+			if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
+		}
+
 		$this->load->helper('file');
 		// Set memory limit to unlimited to allow heavy usage
 		ini_set('memory_limit', '-1');
@@ -74,4 +79,4 @@ class Backup extends CI_Controller {
 	}
 }
 
-/* End of file Backup.php */
\ No newline at end of file
+/* End of file Backup.php */