Quick fix to make sure you can't switch to an inactive conference through the API

api.php

@@ -195,16 +195,22 @@ switch($request[0]) {
 		*/
 		if($request[1]=="switch") {
 			if($_POST['conferences_id']) {
-				//this makes sure its valid and sets teh session
+				//this makes sure its valid and sets the sessiona
-				switchConference($_POST['conferences_id']);
+				$cid = intval($_POST['conferences_id']);
+				if(switchConference($cid)){
 
 					//get rid of their current roles, and load their record for the new conference
 					if(is_array($_SESSION['roles'])) {
 						$_SESSION['roles']=array();
-					user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']);
+						user_conference_load($_SESSION['accounts_id'], $cid);
 					}
 					$ret['status']="ok";
-				$ret['conferences_id']=$_SESSION['conferences_id'];
+					$ret['conferences_id'] = $cid;
+				}else{
+					// not a valid conference id
+					$ret['status'] = "error";
+					$ret['error'] = "Conference ID #$cid is either inactive or invalid";
+				}
 			} else {
 				$ret['status']="error";
 				$ret['error']='conferences_id (integer) is required';

common.inc.bootstrap.php

@@ -211,13 +211,16 @@ if(!$_SESSION['conferences_id']) {
 	}*/
 }
 
+// switch tho the conference of the specified ID.  Returns true on success, false otherwise.
 function switchConference($cid) {
+	$rval = false;
 	$cid=intval($cid);
-//	echo "cid=$cid";
 	$q=mysql_query("SELECT * FROM conferences WHERE id='$cid' AND status='running'");
 	if($r=mysql_fetch_object($q)) {
 		$_SESSION['conferences_id']=$cid;
+		$rval = true;
 	}
+	return $rval;
 }
 //move the conference stuff before the configuration loading, so we can load the right configuration for the conference :)
 if(isset($_GET['switchconference'])) {