From a5b9f8ec66654a7f83760cacb8d30a84c25a742c Mon Sep 17 00:00:00 2001
From: mdtrooper
Date: Wed, 22 Aug 2012 15:11:44 +0000
Subject: [PATCH] 2012-08-22 Miguel de Dios * include/api.php: cleaned source code style. * include/auth/mysql.php: fixed the access users in the api with or without no_login field set.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6904 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog | 7 ++++
 pandora_console/include/api.php | 1 +
 pandora_console/include/auth/mysql.php | 51 ++++++++++++++++++--------
 3 files changed, 44 insertions(+), 15 deletions(-)
diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index efe1852466..37684c487f 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,10 @@
+2012-08-22 Miguel de Dios
+
+ * include/api.php: cleaned source code style.
+
+ * include/auth/mysql.php: fixed the access users in the api with or
+ without no_login field set.
+
 2012-08-21 Miguel de Dios
 
 * extras/pandoradb_migrate_4.0.x_to_5.0.postgreSQL.sql,
diff --git a/pandora_console/include/api.php b/pandora_console/include/api.php
index 5168f87d66..202427e293 100644
--- a/pandora_console/include/api.php
+++ b/pandora_console/include/api.php
@@ -51,6 +51,7 @@ $no_login_msg = "";
 if (isInACL($ipOrigin)) {
 if(empty($apiPassword) || (!empty($apiPassword) && $api_password === $apiPassword)) {
 $user_in_db = process_user_login($user, $password, true);
+
 if ($user_in_db !== false) {
 $config['id_user'] = $user_in_db;
 $correctLogin = true;
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index f60311f36b..86f7356b5b 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@@ -83,25 +83,46 @@ function process_user_login ($login, $pass, $api = false) {
 // Connect to Database
 switch ($config["dbtype"]) {
 case "mysql":
- $sql = sprintf ("SELECT `id_user`, `password`
- FROM `tusuario`
- WHERE `id_user` = '%s' AND `not_login` = " .
- ((int)$api) . "
- AND `disabled` = 0", $login);
+ if (!$api) {
+ $sql = sprintf ("SELECT `id_user`, `password`
+ FROM `tusuario`
+ WHERE `id_user` = '%s' AND `not_login` = 0
+ AND `disabled` = 0", $login);
+ }
+ else {
+ $sql = sprintf ("SELECT `id_user`, `password`
+ FROM `tusuario`
+ WHERE `id_user` = '%s'
+ AND `disabled` = 0", $login);
+ }
 break;
 case "postgresql":
- $sql = sprintf ('SELECT "id_user", "password"
- FROM "tusuario"
- WHERE "id_user" = \'%s\' AND "not_login" = ' .
- ((int)$api) . '
- AND "disabled" = 0', $login);
+ if (!$api) {
+ $sql = sprintf ('SELECT "id_user", "password"
+ FROM "tusuario"
+ WHERE "id_user" = \'%s\' AND "not_login" = 0
+ AND "disabled" = 0', $login);
+ }
+ else {
+ $sql = sprintf ('SELECT "id_user", "password"
+ FROM "tusuario"
+ WHERE "id_user" = \'%s\'
+ AND "disabled" = 0', $login);
+ }
 break;
 case "oracle":
- $sql = sprintf ('SELECT id_user, password
- FROM tusuario
- WHERE id_user = \'%s\' AND not_login = ' .
- ((int)$api) . '
- AND disabled = 0', $login);
+ if (!$api) {
+ $sql = sprintf ('SELECT id_user, password
+ FROM tusuario
+ WHERE id_user = \'%s\' AND not_login = 0
+ AND disabled = 0', $login);
+ }
+ else {
+ $sql = sprintf ('SELECT id_user, password
+ FROM tusuario
+ WHERE id_user = \'%s\'
+ AND disabled = 0', $login);
+ }
 break;
 }
 $row = db_get_row_sql ($sql);
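Review bot: All six rewritten queries still place `$login` into the SQL text through the `'%s'` in `sprintf`, and nothing in the hunk shows it being escaped, so unless the caller has already neutralised quotes this login query is open to SQL injection; `process_user_login` starts above the hunk, so any earlier sanitising is not visible here. Escaping `$login` with the database layer's own routine, or binding it as a parameter, once before the `switch` would cover every branch. Because the `$api` branch now drops the `not_login` filter, every enabled console account can authenticate through the API, which exposes this input more widely than before. The two branches per engine differ only in that one condition, so building the optional fragment once, for example `$not_login_sql = $api ? '' : ' AND not_login = 0';` with the engine's quoting, would remove the duplicated query text and leave a single place to fix.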