From 4598ca3e6a680ca850f02d5479f76dbf0aa63c95 Mon Sep 17 00:00:00 2001
From: Christophe Brisbois <chr@brisbois.fr>
Date: Mon, 27 Feb 2017 21:52:53 +0100
Subject: [PATCH] Add files via upload

---
 dist/authorize.php | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/dist/authorize.php b/dist/authorize.php
index 0808743..43cf277 100644
--- a/dist/authorize.php
+++ b/dist/authorize.php
@@ -4,7 +4,7 @@
 * http://nanogallery2.nanostudio.org
 *
 * PHP 5.2+
-* @version    1.2.2
+* @version    1.2.3
 * @author     Christophe Brisbois - http://www.brisbois.fr/
 * @copyright  Copyright 2017
 * @license    GPLv3
@@ -28,11 +28,18 @@
   include('admin/config.php');
   include('admin/tools.php');
 
+  // check CURL installation
   if( !function_exists('curl_version') ) {
-    echo 'Please install/enable CURL to execute this application.';
+    response_json( array('nano_status' => 'error', 'nano_message' => 'Please install/enable CURL to execute this application.' ) );
     exit;
   }
-
+  
+  // check write permissions
+  if( !is_writable('admin/users') ) {
+    response_json( array('nano_status' => 'error', 'nano_message' => 'Error: no write permissions to folder admin/users.' ) );
+    exit;
+  }
+  
   $prot='http://';
   if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off'){
     $prot='https://';
@@ -127,6 +134,11 @@
           // we got the user ID
           $user_id = $objProfile -> id;
           
+          if( $user_id = '' ) {
+            response_json( array('nano_status' => 'error', 'nano_message' => 'Retrieved user ID is empty.' ) );
+            exit;
+          }
+          
           if(  property_exists( $authObj, 'refresh_token' ) ) {
             // refresh token present -> ok, it's the first authorization grant
             // store tokens