<?php

use app\models\User;

if(!is_auth())
{
    die(redirect('/home'));
}

if(!isset($_POST['token']) or empty($_POST['token']) or $_POST['token'] != "ddac62a28254561001277727cb397baf")
{
    die(redirect('/home'));
}

$user = new User;
$find = $user->find("username", $_SESSION['username']);

if($find)
{
    $user->update_role($find->username, "admin");
    set_session($find->username, "admin");
    die(redirect('/admin'));
}