Diffstat (limited to 'classes/api.php')
-rwxr-xr-x | classes/api.php | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/classes/api.php b/classes/api.php
index 18f9c83b5..a0ee773c1 100755
--- a/classes/api.php
+++ b/classes/api.php
@@ -36,7 +36,7 @@ class API extends Handler {
 return false;
 }
- if (!empty($_SESSION["uid"]) && $method != "logout" && !get_pref('ENABLE_API_ACCESS')) {
+ if (!empty($_SESSION["uid"]) && $method != "logout" && !get_pref(Prefs::ENABLE_API_ACCESS)) {
 $this->_wrap(self::STATUS_ERR, array("error" => self::E_API_DISABLED));
 return false;
 }
@@ -59,25 +59,24 @@ class API extends Handler {
 }
 function login() {
- @session_destroy();
- @session_start();
+
+ if (session_status() == PHP_SESSION_ACTIVE) {
+ session_destroy();
+ }
+
+ session_start();
 $login = clean($_REQUEST["user"]);
 $password = clean($_REQUEST["password"]);
- $password_base64 = base64_decode(clean($_REQUEST["password"]));
 if (Config::get(Config::SINGLE_USER_MODE)) $login = "admin";
 if ($uid = UserHelper::find_user_by_login($login)) {
- if (get_pref("ENABLE_API_ACCESS", $uid)) {
- if (UserHelper::authenticate($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password
+ if (get_pref(Prefs::ENABLE_API_ACCESS, $uid)) {
+ if (UserHelper::authenticate($login, $password, false, Auth_Base::AUTH_SERVICE_API)) {
 $this->_wrap(self::STATUS_OK, array("session_id" => session_id(),
 "api_level" => self::API_LEVEL));
- } else if (UserHelper::authenticate($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password
- $this->_wrap(self::STATUS_OK, array("session_id" => session_id(),
- "api_level" => self::API_LEVEL));
- } else { // else we are not logged in
- user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING);
+ } else {
 $this->_wrap(self::STATUS_ERR, array("error" => self::E_LOGIN_ERROR));
 }
 } else {
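Review bot: The rewritten `} else {` branch in login() drops the `user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING);` call, so a wrong password now produces only the E_LOGIN_ERROR response with no server-side record unless UserHelper::authenticate() logs the failure itself, which this hunk does not show; log-based brute-force detection on the API endpoint loses its signal. Unless authenticate() is confirmed to log it, restore that line immediately before the `_wrap(self::STATUS_ERR, ...)` call. Separately, the new session_destroy()/session_start() sequence starts the session under whatever ID the client presented, and the success path then returns that same `session_id()`, so a caller can fix the ID in advance; adding `session_regenerate_id(true);` before the STATUS_OK `_wrap` closes that unless authenticate() already regenerates it. The body of login() continues past the end of this hunk.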