From f712d7c26e4d1e899398b43fd1cd99f4afa9eee1 Mon Sep 17 00:00:00 2001
From: Dan Tucny
Date: Sun, 5 Mar 2017 05:25:18 +0800
Subject: [PATCH] SEC: ensure actions and graph data are not available without authentication
---
 actions_add_remove.php | 6 ++++++
 getgraph.php | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/actions_add_remove.php b/actions_add_remove.php
index 4394215..53086a0 100644
--- a/actions_add_remove.php
+++ b/actions_add_remove.php
@@ -20,6 +20,12 @@ You should have received a copy of the GNU General Public License along with Foobar. If not, see . */
+session_start();
+session_cache_limiter('nocache');
+$cache_limiter = session_cache_limiter();
+
+if (!isset($_SESSION['loggedin'])) exit();
+
 require_once ('inc/db.php'); function Redirect_Servers ($server, $permanent = false) {
diff --git a/getgraph.php b/getgraph.php
index c63d313..2a94b76 100644
--- a/getgraph.php
+++ b/getgraph.php
@@ -1,4 +1,10 @@
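Review bot: In the actions_add_remove.php hunk `session_cache_limiter('nocache')` is called after `session_start()`, but PHP applies the cache limiter when the session starts, so the call comes too late to affect this response's cache headers (and PHP 7.2+ emits a warning for it); put `session_cache_limiter('nocache');` before `session_start();`, and drop `$cache_limiter`, which is not used in the visible lines. The gate itself uses `isset($_SESSION['loggedin'])`, which passes for any non-null value including `false`; if the login code (not shown here) can ever store a falsy value, `if (empty($_SESSION['loggedin'])) { http_response_code(403); exit(); }` is stricter and also gives clients and access logs a distinguishable status instead of an empty 200. The body of the getgraph.php hunk is outside this view; if it adds the same lines, the same points apply there.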