2012-08-22 Miguel de Dios <miguel.dedios@artica.es>

* include/api.php: cleaned source code style. * include/auth/mysql.php: fixed the access users in the api with or without no_login field set. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6904 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2012-08-22 15:11:44 +00:00 · 2012-08-22 15:11:44 +00:00 · e77d6879a0
parent 4748c7b1f6
commit e77d6879a0
3 changed files with 44 additions and 15 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,10 @@
+2012-08-22 Miguel de Dios <miguel.dedios@artica.es>
+	
+	* include/api.php: cleaned source code style.
+	
+	* include/auth/mysql.php: fixed the access users in the api with or
+	without no_login field set.
+
 2012-08-21 Miguel de Dios <miguel.dedios@artica.es>
 	
 	* extras/pandoradb_migrate_4.0.x_to_5.0.postgreSQL.sql,
--- a/pandora_console/include/api.php
+++ b/pandora_console/include/api.php
@ -51,6 +51,7 @@ $no_login_msg = "";
 if (isInACL($ipOrigin)) {
 	if(empty($apiPassword) || (!empty($apiPassword) && $api_password === $apiPassword)) {
 		$user_in_db = process_user_login($user, $password, true);
+		
 		if ($user_in_db !== false) {
 			$config['id_user'] = $user_in_db;
 			$correctLogin = true;
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@ -83,25 +83,46 @@ function process_user_login ($login, $pass, $api = false) {
 		// Connect to Database
 		switch ($config["dbtype"]) {
 			case "mysql":
+				if (!$api) {
 					$sql = sprintf ("SELECT `id_user`, `password`
 						FROM `tusuario`
-					WHERE `id_user` = '%s' AND `not_login` = " .
-						((int)$api) . "
+						WHERE `id_user` = '%s' AND `not_login` = 0
 							AND `disabled` = 0", $login);
+				}
+				else {
+					$sql = sprintf ("SELECT `id_user`, `password`
+						FROM `tusuario`
+						WHERE `id_user` = '%s'
+							AND `disabled` = 0", $login);
+				}
 				break;
 			case "postgresql":
+				if (!$api) {
 					$sql = sprintf ('SELECT "id_user", "password"
 						FROM "tusuario"
-					WHERE "id_user" = \'%s\' AND "not_login" = ' .
-						((int)$api) . '
+						WHERE "id_user" = \'%s\' AND "not_login" = 0
 							AND "disabled" = 0', $login);
+				}
+				else {
+					$sql = sprintf ('SELECT "id_user", "password"
+						FROM "tusuario"
+						WHERE "id_user" = \'%s\'
+							AND "disabled" = 0', $login);
+				}
 				break;
 			case "oracle":
+				if (!$api) {
 					$sql = sprintf ('SELECT id_user, password
 						FROM tusuario
-					WHERE id_user = \'%s\' AND not_login = ' .
-						((int)$api) . '
+						WHERE id_user = \'%s\' AND not_login = 0
 							AND disabled = 0', $login);
+				}
+				else {
+					$sql = sprintf ('SELECT id_user, password
+						FROM tusuario
+						WHERE id_user = \'%s\'
+							AND disabled = 0', $login);
+				}
 				break;
 		}
 		$row = db_get_row_sql ($sql);