api/login: properly return LOGIN_ERROR when passed an invalid username

author Andrew Dolgov <fox@madoka.volgo-balt.ru>

Wed, 13 Apr 2011 10:18:33 +0000 (14:18 +0400)

committer Andrew Dolgov <fox@madoka.volgo-balt.ru>

Wed, 13 Apr 2011 10:18:33 +0000 (14:18 +0400)
author Andrew Dolgov <fox@madoka.volgo-balt.ru>
Wed, 13 Apr 2011 10:18:33 +0000 (14:18 +0400)
committer Andrew Dolgov <fox@madoka.volgo-balt.ru>
Wed, 13 Apr 2011 10:18:33 +0000 (14:18 +0400)
diff --git a/api/index.php b/api/index.php

index 7819095da954c1eda0c101ab1490ee158f18eab6..6b47d81224c9fce18e497898c7aff2c99a5faff2 100644 (file)
--- a/api/index.php
+++ b/api/index.php
@@ -80,7 +80,13 @@
                                 $uid = 0;
                         }
  
-                       if ($uid && get_pref($link, "ENABLE_API_ACCESS", $uid)) {
+                       if (!$uid) {
+                               print api_wrap_reply(API_STATUS_ERR, $seq,
+                                       array("error" => "LOGIN_ERROR"));
+                               return;
+                       }
+
+                       if (get_pref($link, "ENABLE_API_ACCESS", $uid)) {
                                 if (authenticate_user($link, $login, $password)) {               // try login with normal password
                                         print api_wrap_reply(API_STATUS_OK, $seq,
                                                 array("session_id" => session_id()));
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Wed, 13 Apr 2011 10:18:33 +0000 (14:18 +0400)
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Wed, 13 Apr 2011 10:18:33 +0000 (14:18 +0400)