From 65b0ee8e0b3af19bd57f07e337068eeea210a09f Mon Sep 17 00:00:00 2001
From: David
Date: Thu, 29 Jan 2026 18:20:35 +1100
Subject: [PATCH] PostIdentifyandloggout
---
 script.js | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 46 insertions(+), 5 deletions(-)
diff --git a/script.js b/script.js
index 53db3c6..0ab6609 100644
--- a/script.js
+++ b/script.js
@@ -113,6 +113,32 @@ document.addEventListener('DOMContentLoaded', () => {
 let generatedOTP = null;
 let newAvatarBase64 = null;
+ // --- CHECK SESSION & LOGOUT ---
+ function checkSession() {
+ const currentUser = JSON.parse(localStorage.getItem('currentUser') || '{}');
+ if (currentUser.email) {
+ if (loginView) {
+ loginView.classList.add('hidden');
+ loginView.style.display = 'none';
+ }
+ if (feedView) {
+ feedView.classList.remove('hidden');
+ initFeed();
+ }
+ }
+ }
+ checkSession();
+
+ const logoutBtn = document.querySelector('.header-actions .icon-btn');
+ if (logoutBtn) {
+ logoutBtn.addEventListener('click', () => {
+ if (confirm('Log out?')) {
+ localStorage.removeItem('currentUser');
+ location.reload();
+ }
+ });
+ }
+
 // --- ONBOARDING LOGIC ---
 // Avatar Upload Handler
 if (avatarTrigger && avatarInput) {
@@ -407,20 +433,29 @@ document.addEventListener('DOMContentLoaded', () => {
 article.setAttribute('data-post-id', post.id);
 const currentUser = JSON.parse(localStorage.getItem('currentUser') || '{}');
- const isOwner = post.userEmail && post.userEmail === currentUser.email;
+ const currentEmail = (currentUser.email || '').trim().toLowerCase();
+ const postEmail = (post.userEmail || '').trim().toLowerCase();
- // Only show options if owner
- const optionsHTML = isOwner ? `
+ // STRICT MODE: Email Only (as requested by User)
+ // This disables deleting legacy posts without email, but ensures security.
+ const isOwner = (postEmail && postEmail === currentEmail);
+
+ // Always show the trigger, but vary the menu content
+ const optionsHTML = `
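Review bot: `checkSession()` parses `localStorage.getItem('currentUser')` without a guard, so a stored value that is not valid JSON throws inside the `DOMContentLoaded` handler, and a stored literal `null` makes `currentUser.email` throw. Wrapping the read would let a damaged entry fall back to the login view: `let currentUser = {}; try { currentUser = JSON.parse(localStorage.getItem('currentUser')) ?? {}; } catch { /* treat as logged out */ }`. An `email` field in localStorage can be written by anyone using the browser, so this check can choose which view is shown but is not proof of authentication; a comment above the function such as `// UI state only: localStorage is user-editable, this is not an authentication check` would make that explicit. The logout selector `.header-actions .icon-btn` binds to the first icon button in the header, which looks fragile if another button is ever placed before it; a dedicated id would be safer.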
+ ${isOwner ? ` + ` : ` + + `}
- ` : '';
+ `;
 let slidesHTML = '';
 let dotsHTML = '';
@@ -572,7 +607,13 @@ document.addEventListener('DOMContentLoaded', () => {
 const postToDelete = userPosts.find(p => p.id === id);
 const currentUser = JSON.parse(localStorage.getItem('currentUser') || '{}');
- if (!postToDelete || postToDelete.userEmail !== currentUser.email) {
+ // STRICT MODE: Email Only
+ const currentEmail = (currentUser.email || '').trim().toLowerCase();
+ const postEmail = (postToDelete.userEmail || '').trim().toLowerCase();
+ const isOwner = (postEmail && postEmail === currentEmail);
+
+ if (!postToDelete || !isOwner) {
+ console.log('Delete blocked. Owner Check Failed.');
 alert('You can only delete your own posts.');
 return;
 }
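Review bot: The comment above `isOwner` says the email-only match "ensures security", which overstates what the comparison provides: `currentUser` is read from localStorage on the line above, so the result only decides which menu is rendered. I would reword it to something like `// Ownership is matched on normalized email; this only controls the menu shown, it is not an access control.` The same three normalization lines are repeated in the delete handler in the last hunk, and a small shared helper (for example `isPostOwner(post, currentUser)`) would keep the two checks from drifting apart. `(post.userEmail || '').trim()` also assumes the stored value is a string. The markup inside the template literal is not visible in this view, so how post fields are interpolated there could not be reviewed.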
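Review bot: `postToDelete.userEmail` is now read before the `!postToDelete` test, so when `userPosts.find(...)` returns `undefined` the handler throws a TypeError instead of reaching the alert, and the null check in the `if` has become dead code. Either move a `if (!postToDelete) { ... return; }` guard above the new lines or read the field defensively: `const postEmail = (postToDelete?.userEmail || '').trim().toLowerCase();`. As in the render hunk, `currentUser` comes from localStorage, so this guard prevents accidental deletes in the UI but is not an authorization check; if posts are ever stored or synced outside the browser, the delete has to be verified there as well. The enclosing function starts and ends outside the hunk.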