aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-13 14:21:48 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-13 14:21:48 +0000
commita1a3677c24ef96dbf682a83743a6fce7111eac2a (patch)
tree187d470115c59e6d02e8bf347091c2df1801ed23
parent945da1afe0b3315a289f9694311ff878b5a65a7b (diff)
downloadelgg-a1a3677c24ef96dbf682a83743a6fce7111eac2a.tar.gz
elgg-a1a3677c24ef96dbf682a83743a6fce7111eac2a.tar.bz2
Fixed logic bug in login()
git-svn-id: https://code.elgg.org/elgg/trunk@2745 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/sessions.php9
1 files changed, 6 insertions, 3 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index dfe2bda53..468bc2233 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -192,10 +192,13 @@
if ($user = get_user_by_username($credentials['username'])) {
- // Let admins log in without validating their email, but normal users must have validated their email
- if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned()))
+ // Let admins log in without validating their email, but normal users must have validated their email or been admin created
+ if ((!$user->admin) && (!$user->validated) && (!$user->admin_created))
return false;
-
+
+ // User has been banned, so bin them.
+ if ($user->isBanned()) return false;
+
if ($user->password == generate_user_password($user, $credentials['password']))
return true;