authorKarl 'vollmerk' Vollmer <vollmer@ampache.org>2007-12-19 01:36:16 +0000
committerKarl 'vollmerk' Vollmer <vollmer@ampache.org>2007-12-19 01:36:16 +0000
commit9661434379a94791031604a4a5094f5631351457 (patch)
treee9e0b02f6386efad2e1825ce0f3f5a7ec368fe61
parent77bc16f52520efe50ea0664b11f235897239a482 (diff)
downloadampache-9661434379a94791031604a4a5094f5631351457.tar.gz
ampache-9661434379a94791031604a4a5094f5631351457.tar.bz2
ampache-9661434379a94791031604a4a5094f5631351457.zip
fixed three bugs found by purdyk with the api
-rw-r--r--lib/class/access.class.php1
-rw-r--r--lib/class/api.class.php2
-rw-r--r--server/xml.server.php2
3 files changed, 3 insertions, 2 deletions
diff --git a/lib/class/access.class.php b/lib/class/access.class.php
index 2d1ac3e5..462d5e71 100644
--- a/lib/class/access.class.php
+++ b/lib/class/access.class.php
@@ -191,6 +191,7 @@ class Access {
" AND `key` = '$key' AND `level` >= '$level' AND `type`='rpc'";
break;
case 'init-api':
+ $type = 'rpc';
case 'network':
case 'interface':
case 'stream':
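Review bot: The new `$type = 'rpc';` under `case 'init-api':` relies on falling through into the `network`/`interface`/`stream` cases, and nothing marks that as intended. Because this switch selects an access-control query, a later edit that adds a `break` or reorders the cases would silently change which ACL type init-api is matched against. I would add a comment right after the assignment, `// fall through: init-api is matched against 'rpc' ACL entries`. The shared case body lies outside the hunk, so how `$type` is used there should be confirmed.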
diff --git a/lib/class/api.class.php b/lib/class/api.class.php
index c7391837..a580bfbe 100644
--- a/lib/class/api.class.php
+++ b/lib/class/api.class.php
@@ -105,7 +105,7 @@ class Api {
$token = md5(uniqid(rand(), true));
$level = Dba::escape($level);
$agent = Dba::escape($_SERVER['HTTP_USER_AGENT']);
- $expire = time() + Config::('session_length');
+ $expire = time() + Config::get('session_length');
$sql = "REPLACE INTO `session_api` (`id`,`user`,`agent`,`level`,`expire`,`ip`) " .
"VALUES ('$token','$user_id','$agent','$level','$expire','$ip')";
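Review bot: The session token on the first line of this hunk is built as `md5(uniqid(rand(), true))`, which draws on the clock and a non-cryptographic generator, so it is a weak basis for a bearer credential for the API. On PHP 7 or later, `$token = bin2hex(random_bytes(16));` keeps the same 32-hex-character format. Separately, `$user_id` and `$ip` are interpolated into the `REPLACE` statement and their escaping is not visible here; confirm both pass through `Dba::escape()` earlier in the function, which starts above the hunk.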
diff --git a/server/xml.server.php b/server/xml.server.php
index d1464dca..10da2e97 100644
--- a/server/xml.server.php
+++ b/server/xml.server.php
@@ -47,7 +47,7 @@ if (!Config::get('access_control')) {
* Verify the existance of the Session they passed in we do allow them to
* login via this interface so we do have an exception for action=login
*/
-if ((!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'])) {
+if ((!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) {
debug_event('Access Denied','Invalid Session or unathorized access attempt to API','5');
ob_end_clean();
echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged');
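Review bot: The network ACL check takes its user from `$_REQUEST['user']`, a client-supplied value, even on requests that already carry a session in `auth`. If `check_network()` uses that argument to select ACL rows (its body is not shown here), the user for non-handshake requests should come from the validated session instead of the request. The three `$_REQUEST` keys are also read without an `isset()` check or default. The new `'5'` is an unexplained level, so a comment such as `// 5 = minimum ACL level required for API access` would help once that meaning is confirmed.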