From: Andrew Dolgov Date: Wed, 16 Dec 2009 11:56:46 +0000 (+0300) Subject: api: forbid login when api is disabled (fixed) X-Git-Tag: 1.4.0~183^2~4 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=2bebdd344b7259738c2d424572d202482d92e6f1;p=tt-rss.git api: forbid login when api is disabled (fixed) --- diff --git a/api/index.php b/api/index.php index 332e84f5..8d7e1db9 100644 --- a/api/index.php +++ b/api/index.php @@ -58,14 +58,21 @@ $login = db_escape_string($_REQUEST["user"]); $password = db_escape_string($_REQUEST["password"]); - if (get_pref($link, "ENABLE_API_ACCESS", $login)) { + $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'"); + + if (db_num_rows($result) != 0) { + $uid = db_fetch_result($result, 0, "id"); + } else { + $uid = 0; + } + + if (get_pref($link, "ENABLE_API_ACCESS", $uid)) { if (authenticate_user($link, $login, $password)) { print json_encode(array("uid" => $_SESSION["uid"])); } else { print json_encode(array("error" => "LOGIN_ERROR")); } } else { - logout_user(); print json_encode(array("error" => "API_DISABLED")); }