PostIdentifyandloggout

2026-01-29 18:20:35 +11:00
parent bcd6d7c0ef
commit 65b0ee8e0b
1 changed files with 46 additions and 5 deletions
--- a/script.js
+++ b/script.js
@@ -113,6 +113,32 @@ document.addEventListener('DOMContentLoaded', () => {
    let generatedOTP = null;
    let newAvatarBase64 = null;

+    // --- CHECK SESSION & LOGOUT ---
+    function checkSession() {
+        const currentUser = JSON.parse(localStorage.getItem('currentUser') || '{}');
+        if (currentUser.email) {
+            if (loginView) {
+                loginView.classList.add('hidden');
+                loginView.style.display = 'none';
+            }
+            if (feedView) {
+                feedView.classList.remove('hidden');
+                initFeed();
+            }
+        }
+    }
+    checkSession();
+
+    const logoutBtn = document.querySelector('.header-actions .icon-btn');
+    if (logoutBtn) {
+        logoutBtn.addEventListener('click', () => {
+            if (confirm('Log out?')) {
+                localStorage.removeItem('currentUser');
+                location.reload();
+            }
+        });
+    }
+
    // --- ONBOARDING LOGIC ---
    // Avatar Upload Handler
    if (avatarTrigger && avatarInput) {
@@ -407,20 +433,29 @@ document.addEventListener('DOMContentLoaded', () => {
        article.setAttribute('data-post-id', post.id);

        const currentUser = JSON.parse(localStorage.getItem('currentUser') || '{}');
-        const isOwner = post.userEmail && post.userEmail === currentUser.email;
+        const currentEmail = (currentUser.email || '').trim().toLowerCase();
+        const postEmail = (post.userEmail || '').trim().toLowerCase();

-        // Only show options if owner
-        const optionsHTML = isOwner ? `
+        // STRICT MODE: Email Only (as requested by User)
+        // This disables deleting legacy posts without email, but ensures security.
+        const isOwner = (postEmail && postEmail === currentEmail);
+
+        // Always show the trigger, but vary the menu content
+        const optionsHTML = `
            <button class="icon-btn-sm options-trigger">
                <svg viewBox="0 0 24 24" width="20" height="20" stroke="currentColor" fill="none" stroke-width="2"><circle cx="12" cy="12" r="1"></circle><circle cx="19" cy="12" r="1"></circle><circle cx="5" cy="12" r="1"></circle></svg>
            </button>
            <div class="options-menu">
+                ${isOwner ? `
                <button class="menu-btn delete">
                    <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" stroke-width="2"><polyline points="3 6 5 6 21 6"></polyline><path d="M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2"></path></svg>
                    Delete Post
                </button>
+                ` : `
+                <button class="menu-btn" style="opacity: 0.5; cursor: default;">Post Options</button>
+                `}
            </div>
-        ` : '';
+        `;

        let slidesHTML = '';
        let dotsHTML = '';
@@ -572,7 +607,13 @@ document.addEventListener('DOMContentLoaded', () => {
                    const postToDelete = userPosts.find(p => p.id === id);
                    const currentUser = JSON.parse(localStorage.getItem('currentUser') || '{}');

-                    if (!postToDelete || postToDelete.userEmail !== currentUser.email) {
+                    // STRICT MODE: Email Only
+                    const currentEmail = (currentUser.email || '').trim().toLowerCase();
+                    const postEmail = (postToDelete.userEmail || '').trim().toLowerCase();
+                    const isOwner = (postEmail && postEmail === currentEmail);
+
+                    if (!postToDelete || !isOwner) {
+                        console.log('Delete blocked. Owner Check Failed.');
                        alert('You can only delete your own posts.');
                        return;
                    }