api: forbid login when api is disabled

This commit is contained in:
Andrew Dolgov 2009-12-16 14:49:33 +03:00
parent 3a216db45c
commit 4cdd0d7ca3

View file

@ -58,10 +58,15 @@
$login = db_escape_string($_REQUEST["user"]);
$password = db_escape_string($_REQUEST["password"]);
if (authenticate_user($link, $login, $password)) {
print json_encode(array("uid" => $_SESSION["uid"]));
if (get_pref($link, "ENABLE_API_ACCESS", $login)) {
if (authenticate_user($link, $login, $password)) {
print json_encode(array("uid" => $_SESSION["uid"]));
} else {
print json_encode(array("error" => "LOGIN_ERROR"));
}
} else {
print json_encode(array("error" => "LOGIN_ERROR"));
logout_user();
print json_encode(array("error" => "API_DISABLED"));
}
break;