diff options
| author | Andrew Dolgov <[email protected]> | 2009-12-16 14:56:46 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2009-12-16 14:56:46 +0300 |
| commit | 2bebdd344b7259738c2d424572d202482d92e6f1 (patch) | |
| tree | 93766e323d8c19dfab785240e635e484e28ed6b8 /api | |
| parent | 4cdd0d7ca35a37394811df817de7372daec4b2cd (diff) | |
api: forbid login when api is disabled (fixed)
Diffstat (limited to 'api')
| -rw-r--r-- | api/index.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/api/index.php b/api/index.php index 332e84f5a..8d7e1db96 100644 --- a/api/index.php +++ b/api/index.php @@ -58,14 +58,21 @@ $login = db_escape_string($_REQUEST["user"]); $password = db_escape_string($_REQUEST["password"]); - if (get_pref($link, "ENABLE_API_ACCESS", $login)) { + $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'"); + + if (db_num_rows($result) != 0) { + $uid = db_fetch_result($result, 0, "id"); + } else { + $uid = 0; + } + + if (get_pref($link, "ENABLE_API_ACCESS", $uid)) { if (authenticate_user($link, $login, $password)) { print json_encode(array("uid" => $_SESSION["uid"])); } else { print json_encode(array("error" => "LOGIN_ERROR")); } } else { - logout_user(); print json_encode(array("error" => "API_DISABLED")); } |