From 6183a9208e35fc66741cec49bdcec759273a28d2 Mon Sep 17 00:00:00 2001
From: int2001 <joerg@dj7nt.de>
Date: Tue, 1 Aug 2023 10:37:20 +0000
Subject: [PATCH] protect DANGEROUS Functions from being called without authed
 user

---
 application/controllers/Welcome.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/application/controllers/Welcome.php b/application/controllers/Welcome.php
index 36e69dc6..893be3e9 100644
--- a/application/controllers/Welcome.php
+++ b/application/controllers/Welcome.php
@@ -8,9 +8,14 @@
 
 
 class Welcome extends CI_Controller {
+	function __construct() {
+		parent::__construct();
 
-	public function index()
-	{
+		$this->load->model('user_model');
+		if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
+	}
+
+	public function index() {
         if($this->optionslib->get_option('version2_trigger') == "false") {
             $data['page_title'] = "Welcome to Cloudlog Version 2.0";
 
@@ -96,4 +101,4 @@ class Welcome extends CI_Controller {
             echo "Error claiming API Keys during Migration. See Logs for further information";
         }
     }
-}
\ No newline at end of file
+}