From 1a7e1c5491d937dea9706992cba6181183914baa Mon Sep 17 00:00:00 2001
From: Nathanne Isip
Date: Fri, 26 Jul 2024 00:12:08 +0800
Subject: [PATCH] Username and origin ID matching check on app sharing.
---
 controller/apps.php | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/controller/apps.php b/controller/apps.php
index c1f6af4..dd89f62 100644
--- a/controller/apps.php
+++ b/controller/apps.php
@@ -333,6 +333,17 @@ public static function shareApp($originId, $username, $password, $appKey, $appId
 }
 global $db_conn;
+ $res = mysqli_query(
+ $db_conn,
+ "SELECT * FROM accounts WHERE id=".$originId." AND username=\"".$username."\""
+ );
+
+ if(mysqli_num_rows($res) != 1) {
+ Response::failedMessage("Account must be the same with the application owner.");
+ return;
+ }
+ freeDBQuery($res);
+
 $res = mysqli_query(
 $db_conn,
 "SELECT * FROM accounts WHERE id=".$originId." AND email=\"".$email."\""
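Review bot: The added ownership query concatenates `$originId` and `$username` directly into the SQL text. Unless both are validated or escaped earlier in shareApp (its body starts and ends outside this hunk), the check that is meant to tie the caller to the application owner is open to SQL injection. A bound-parameter query removes that dependency, and the id/email lookup in the trailing context is built the same way and would benefit from the same treatment. Two smaller points in the same lines: `mysqli_query` can return `false`, which `mysqli_num_rows` does not accept, and the early `return` skips `freeDBQuery($res)`. The sketch below fails closed on a prepare error and releases the statement before either exit.

```php
global $db_conn;
$stmt = mysqli_prepare(
    $db_conn,
    "SELECT id FROM accounts WHERE id=? AND username=?"
);
if($stmt === false) {
    // Fail closed: a query that cannot be prepared is treated as "no match".
    Response::failedMessage("Account must be the same with the application owner.");
    return;
}

// Values travel as bound parameters, never as part of the SQL text.
mysqli_stmt_bind_param($stmt, "is", $originId, $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$matches = mysqli_stmt_num_rows($stmt);
mysqli_stmt_close($stmt);

if($matches !== 1) {
    Response::failedMessage("Account must be the same with the application owner.");
    return;
}
// … unchanged: existing id/email lookup …
```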