From 608b9d740ae988de809ff40c13d0743f38600b3c Mon Sep 17 00:00:00 2001
From: Stuart H Jimenez <eminezartus@gmail.com>
Date: Tue, 9 Dec 2014 13:45:34 -0600
Subject: [PATCH] If you use an api key you wont have to set a user name, if
 you don't use a key you will have to login as admin.

---
 web/api/index.php | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/web/api/index.php b/web/api/index.php
index 80354da07..c0b420dbe 100644
--- a/web/api/index.php
+++ b/web/api/index.php
@@ -6,6 +6,12 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
     // Authentication
     $auth_code = 1;
     if (empty($_POST['hash'])) {
+        // Check user permission to use API
+        if ($_POST['user'] != 'admin') {
+            echo 'Error: only admin is allowed to use API';
+            exit;
+        }
+        
         $v_user = escapeshellarg($_POST['user']);
         $v_password = escapeshellarg($_POST['password']);
         exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'",  $output, $auth_code);
@@ -20,13 +26,6 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
         echo 'Error: authentication failed';
         exit;
     }
-
-    // Check user permission to use API
-    if ($_POST['user'] != 'admin') {
-        echo 'Error: only admin is allowed to use API';
-        exit;
-    }
-    
     
     // Prepare arguments
     if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);