]> git.wh0rd.org - tt-rss.git/commitdiff
git.wh0rd.org / tt-rss.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4cdd0d7)
api: forbid login when api is disabled (fixed)
authorAndrew Dolgov <fox@bah.org.ru>
Wed, 16 Dec 2009 11:56:46 +0000 (14:56 +0300)
committerAndrew Dolgov <fox@bah.org.ru>
Wed, 16 Dec 2009 11:56:46 +0000 (14:56 +0300)
api/index.php patch | blob | blame | history

diff --git a/api/index.php b/api/index.php
index 332e84f5a5d00dd5858512216721580cc03e9d11..8d7e1db960d65cb34c817f963c1f27f0fe2e2b51 100644 (file)
--- a/api/index.php
+++ b/api/index.php
@@ -58,14 +58,21 @@
                        $login = db_escape_string($_REQUEST["user"]);
                        $password = db_escape_string($_REQUEST["password"]);
 
-                       if (get_pref($link, "ENABLE_API_ACCESS", $login)) {
+                       $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
+
+                       if (db_num_rows($result) != 0) {
+                               $uid = db_fetch_result($result, 0, "id");
+                       } else {
+                               $uid = 0;
+                       }
+
+                       if (get_pref($link, "ENABLE_API_ACCESS", $uid)) {
                                if (authenticate_user($link, $login, $password)) {
                                        print json_encode(array("uid" => $_SESSION["uid"]));
                                } else {
                                        print json_encode(array("error" => "LOGIN_ERROR"));
                                }
                        } else {
-                               logout_user();
                                print json_encode(array("error" => "API_DISABLED"));
                        }
 
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/