From: Andrew Dolgov <fox@bah.org.ru>
Date: Wed, 16 Dec 2009 11:49:33 +0000 (+0300)
Subject: api: forbid login when api is disabled
X-Git-Tag: 1.4.0~183^2~5
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=4cdd0d7ca35a37394811df817de7372daec4b2cd;p=tt-rss.git

api: forbid login when api is disabled
---

diff --git a/api/index.php b/api/index.php
index 90ca5405..332e84f5 100644
--- a/api/index.php
+++ b/api/index.php
@@ -58,10 +58,15 @@
 			$login = db_escape_string($_REQUEST["user"]);
 			$password = db_escape_string($_REQUEST["password"]);
 
-			if (authenticate_user($link, $login, $password)) {
-				print json_encode(array("uid" => $_SESSION["uid"]));
+			if (get_pref($link, "ENABLE_API_ACCESS", $login)) {
+				if (authenticate_user($link, $login, $password)) {
+					print json_encode(array("uid" => $_SESSION["uid"]));
+				} else {
+					print json_encode(array("error" => "LOGIN_ERROR"));
+				}
 			} else {
-				print json_encode(array("error" => "LOGIN_ERROR"));
+				logout_user();
+				print json_encode(array("error" => "API_DISABLED"));
 			}
 
 			break;