From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Wed, 13 Apr 2011 10:18:33 +0000 (+0400)
Subject: api/login: properly return LOGIN_ERROR when passed an invalid username
X-Git-Tag: 1.5.3~51
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=bdea432bbb1111b685cd060423c9ec44c809d0cb;p=tt-rss.git

api/login: properly return LOGIN_ERROR when passed an invalid username
---

diff --git a/api/index.php b/api/index.php
index 7819095d..6b47d812 100644
--- a/api/index.php
+++ b/api/index.php
@@ -80,7 +80,13 @@
 				$uid = 0;
 			}
 
-			if ($uid && get_pref($link, "ENABLE_API_ACCESS", $uid)) {
+			if (!$uid) {
+				print api_wrap_reply(API_STATUS_ERR, $seq,
+					array("error" => "LOGIN_ERROR"));
+				return;
+			}
+
+			if (get_pref($link, "ENABLE_API_ACCESS", $uid)) {
 				if (authenticate_user($link, $login, $password)) {               // try login with normal password
 					print api_wrap_reply(API_STATUS_OK, $seq,
 						array("session_id" => session_id()));