api: properly handle incorrect UID passed to login

author Andrew Dolgov <fox@bah.org.ru>

Wed, 28 Jul 2010 10:32:09 +0000 (14:32 +0400)

committer Andrew Dolgov <fox@bah.org.ru>

Wed, 28 Jul 2010 10:32:09 +0000 (14:32 +0400)
author Andrew Dolgov <fox@bah.org.ru>
Wed, 28 Jul 2010 10:32:09 +0000 (14:32 +0400)
committer Andrew Dolgov <fox@bah.org.ru>
Wed, 28 Jul 2010 10:32:09 +0000 (14:32 +0400)
diff --git a/api/index.php b/api/index.php

index 64e9741a38036ab23f821f88903a7766e05bcec5..8d69e1a7351bd63383b3372fceafa9384fda1e52 100644 (file)
--- a/api/index.php
+++ b/api/index.php
@@ -61,7 +61,7 @@
                                 $uid = 0;
                         }
  
-                       if (get_pref($link, "ENABLE_API_ACCESS", $uid)) {
+                       if ($uid && get_pref($link, "ENABLE_API_ACCESS", $uid)) {
                                 if (authenticate_user($link, $login, $password)) {
                                         print json_encode(array("session_id" => session_id()));
                                 } else {
author	Andrew Dolgov <fox@bah.org.ru>
	Wed, 28 Jul 2010 10:32:09 +0000 (14:32 +0400)
committer	Andrew Dolgov <fox@bah.org.ru>
	Wed, 28 Jul 2010 10:32:09 +0000 (14:32 +0400)