From 4cdd0d7ca35a37394811df817de7372daec4b2cd Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 16 Dec 2009 14:49:33 +0300 Subject: [PATCH] api: forbid login when api is disabled --- api/index.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/api/index.php b/api/index.php index 90ca5405c..332e84f5a 100644 --- a/api/index.php +++ b/api/index.php @@ -58,10 +58,15 @@ $login = db_escape_string($_REQUEST["user"]); $password = db_escape_string($_REQUEST["password"]); - if (authenticate_user($link, $login, $password)) { - print json_encode(array("uid" => $_SESSION["uid"])); + if (get_pref($link, "ENABLE_API_ACCESS", $login)) { + if (authenticate_user($link, $login, $password)) { + print json_encode(array("uid" => $_SESSION["uid"])); + } else { + print json_encode(array("error" => "LOGIN_ERROR")); + } } else { - print json_encode(array("error" => "LOGIN_ERROR")); + logout_user(); + print json_encode(array("error" => "API_DISABLED")); } break;