]> git.wh0rd.org Git - tt-rss.git/commitdiff
api/login: properly return LOGIN_ERROR when passed an invalid username
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Wed, 13 Apr 2011 10:18:33 +0000 (14:18 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Wed, 13 Apr 2011 10:18:33 +0000 (14:18 +0400)
api/index.php

index 7819095da954c1eda0c101ab1490ee158f18eab6..6b47d81224c9fce18e497898c7aff2c99a5faff2 100644 (file)
                                $uid = 0;
                        }
 
-                       if ($uid && get_pref($link, "ENABLE_API_ACCESS", $uid)) {
+                       if (!$uid) {
+                               print api_wrap_reply(API_STATUS_ERR, $seq,
+                                       array("error" => "LOGIN_ERROR"));
+                               return;
+                       }
+
+                       if (get_pref($link, "ENABLE_API_ACCESS", $uid)) {
                                if (authenticate_user($link, $login, $password)) {               // try login with normal password
                                        print api_wrap_reply(API_STATUS_OK, $seq,
                                                array("session_id" => session_id()));