From 07ddcafd3fac1f85536a24094ac0eaf68e3f0f20 Mon Sep 17 00:00:00 2001
From: Claudio <info@claudiosironi.com>
Date: Sat, 27 Sep 2025 13:38:26 +0200
Subject: [PATCH] fixed nologin

---
 public/userarea/upload_photos_mobile.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/public/userarea/upload_photos_mobile.php b/public/userarea/upload_photos_mobile.php
index 81c79e4..d4abaea 100644
--- a/public/userarea/upload_photos_mobile.php
+++ b/public/userarea/upload_photos_mobile.php
@@ -1,6 +1,6 @@
 <?php
 // upload_photos_mobile.php
-include('include/headscriptnologin.php');
+include('include/headscript.php');
 
 $db = DBHandlerSelect::getInstance();
 $pdo = $db->getConnection();
@@ -17,7 +17,12 @@ if ($iddatadb && $idquotations) {
     die('Non è possibile specificare sia iddatadb che idquotations');
 }
 
-
+// Verifica che l'utente loggato esista
+$stmt = $pdo->prepare("SELECT id FROM auth_users WHERE id = ?");
+$stmt->execute([$iduserlogin]);
+if (!$stmt->fetch(PDO::FETCH_ASSOC)) {
+    die('Utente non valido');
+}
 
 // Determina quale ID usare e verifica l'esistenza
 $paramName = $iddatadb ? 'iddatadb' : 'idquotations';