From ea0eeca2d3e4bdd5379d9102d7fbc6ab2524ec31 Mon Sep 17 00:00:00 2001
From: Karl 'vollmerk' Vollmer
Date: Tue, 18 Mar 2008 02:25:38 +0000
Subject: split out the api errors so that it is easier to tell when you should do a new handshake
---
 server/xml.server.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/server/xml.server.php b/server/xml.server.php
index 3da772d1..aeae5798 100644
--- a/server/xml.server.php
+++ b/server/xml.server.php
@@ -48,11 +48,18 @@ if (!Config::get('access_control')) {
 * login via this interface so we do have an exception for action=login
 */
+if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake')) {
+ debug_event('Access Denied','Invalid Session attempt to API [' . $_REQUEST['action'] . ']','5');
+ ob_end_clean();
+ echo xmlData::error('Session Expired');
+ exit();
+}
+
-if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) {
- debug_event('Access Denied','Invalid Session or unathorized access attempt to API [' . $_REQUEST['action'] . ']', '5');
+if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) {
+ debug_event('Access Denied','Unathorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '5');
 ob_end_clean();
- echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged');
+ echo xmlData::error('ACL Error');
 exit();
 }
--
cgit
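Review bot: With the session test placed ahead of `Access::check_network`, a client on a network the ACL rejects gets `Session Expired` for an unknown token and `ACL Error` for a live one, so the two messages reveal whether an `auth` value is valid. Moving the whole `if (!Access::check_network(...))` block above the `vauth::session_exists` block keeps that distinction from callers the ACL excludes, while still giving permitted clients the separate handshake signal. The first `debug_event` call also concatenates `$_REQUEST['action']` into the log text unfiltered; unless `debug_event` (defined outside this hunk) neutralises control characters, log a reduced form such as `preg_replace('/[^\w-]/', '', (string) $_REQUEST['action'])`. The docblock above the checks starts outside the hunk and still speaks of an exception for `action=login`, whereas the code exempts `handshake`; the comment should say `action=handshake`.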