From bdea432bbb1111b685cd060423c9ec44c809d0cb Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Wed, 13 Apr 2011 14:18:33 +0400
Subject: [PATCH] api/login: properly return LOGIN_ERROR when passed an invalid
 username

---
 api/index.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/api/index.php b/api/index.php
index 7819095da..6b47d8122 100644
--- a/api/index.php
+++ b/api/index.php
@@ -80,7 +80,13 @@
 				$uid = 0;
 			}
 
-			if ($uid && get_pref($link, "ENABLE_API_ACCESS", $uid)) {
+			if (!$uid) {
+				print api_wrap_reply(API_STATUS_ERR, $seq,
+					array("error" => "LOGIN_ERROR"));
+				return;
+			}
+
+			if (get_pref($link, "ENABLE_API_ACCESS", $uid)) {
 				if (authenticate_user($link, $login, $password)) {               // try login with normal password
 					print api_wrap_reply(API_STATUS_OK, $seq,
 						array("session_id" => session_id()));