diff options
author | Andrew Dolgov <[email protected]> | 2009-12-16 14:49:33 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2009-12-16 14:49:33 +0300 |
commit | 4cdd0d7ca35a37394811df817de7372daec4b2cd (patch) | |
tree | 99991c1463585967067dc562452ef7a9cc1e2c3d /api/index.php | |
parent | 3a216db45c510f2601fcdb3b879e2e20dce63dd5 (diff) |
api: forbid login when api is disabled
Diffstat (limited to 'api/index.php')
-rw-r--r-- | api/index.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/api/index.php b/api/index.php index 90ca5405c..332e84f5a 100644 --- a/api/index.php +++ b/api/index.php @@ -58,10 +58,15 @@ $login = db_escape_string($_REQUEST["user"]); $password = db_escape_string($_REQUEST["password"]); - if (authenticate_user($link, $login, $password)) { - print json_encode(array("uid" => $_SESSION["uid"])); + if (get_pref($link, "ENABLE_API_ACCESS", $login)) { + if (authenticate_user($link, $login, $password)) { + print json_encode(array("uid" => $_SESSION["uid"])); + } else { + print json_encode(array("error" => "LOGIN_ERROR")); + } } else { - print json_encode(array("error" => "LOGIN_ERROR")); + logout_user(); + print json_encode(array("error" => "API_DISABLED")); } break; |