From d03e90d3c006bde29d30e1a4b2b8e5d38939f669 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 10 Oct 2019 07:13:50 +0200
Subject: [PATCH] [Web] Disable API as username

---
 data/web/inc/functions.admin.inc.php        | 2 +-
 data/web/inc/functions.domain_admin.inc.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.admin.inc.php b/data/web/inc/functions.admin.inc.php
index f9aee508..660aed69 100644
--- a/data/web/inc/functions.admin.inc.php
+++ b/data/web/inc/functions.admin.inc.php
@@ -19,7 +19,7 @@ function admin($_action, $_data = null) {
       $password		= $_data['password'];
       $password2  = $_data['password2'];
       $active     = intval($_data['active']);
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username)) {
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $_data_log),
diff --git a/data/web/inc/functions.domain_admin.inc.php b/data/web/inc/functions.domain_admin.inc.php
index 9c29b561..00cb35fc 100644
--- a/data/web/inc/functions.domain_admin.inc.php
+++ b/data/web/inc/functions.domain_admin.inc.php
@@ -31,7 +31,7 @@ function domain_admin($_action, $_data = null) {
         );
         return false;
       }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username)) {
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $_data_log),