X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=api%2Findex.php;h=3fbf6bf575e914e271080b3a850be667790d9d3f;hb=81fc862e370a1dfbd3941206fd00076e3cbf0551;hp=823b9527e90319645c98d58e387420b906c514d9;hpb=ba68b6815ab31d17cda113e7990eeb07558b02a9;p=tt-rss.git

diff --git a/api/index.php b/api/index.php
index 823b9527..3fbf6bf5 100644
--- a/api/index.php
+++ b/api/index.php
@@ -13,11 +13,13 @@
 	define('TTRSS_SESSION_NAME', 'ttrss_api_sid');
 	define('NO_SESSION_AUTOSTART', true);
 
+	require_once "autoload.php";
 	require_once "db.php";
 	require_once "db-prefs.php";
 	require_once "functions.php";
 	require_once "sessions.php";
 
+	ini_set('session.use_cookies', 0);
 	ini_set("session.gc_maxlifetime", 86400);
 
 	define('AUTH_DISABLE_OTP', true);
@@ -30,8 +32,6 @@
 		ob_start();
 	}
 
-	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
-
 	$input = file_get_contents("php://input");
 
 	if (defined('_API_DEBUG_HTTP_ENABLED') && _API_DEBUG_HTTP_ENABLED) {
@@ -54,11 +54,27 @@
 		@session_start();
 	}
 
-	if (!init_plugins($link)) return;
+	startup_gettext();
+
+	if (!init_plugins()) return;
+
+	if ($_SESSION["uid"]) {
+		if (!validate_session()) {
+			header("Content-Type: text/json");
+
+			print json_encode(array("seq" => -1,
+				"status" => 1,
+				"content" => array("error" => "NOT_LOGGED_IN")));
+
+			return;
+		}
+
+		load_user_plugins( $_SESSION["uid"]);
+	}
 
 	$method = strtolower($_REQUEST["op"]);
 
-	$handler = new API($link, $_REQUEST);
+	$handler = new API($_REQUEST);
 
 	if ($handler->before($method)) {
 		if ($method && method_exists($handler, $method)) {
@@ -69,9 +85,7 @@
 		$handler->after();
 	}
 
-	db_close($link);
-
 	header("Api-Content-Length: " . ob_get_length());
 
 	ob_end_flush();
-?>
+