Fixed logic bug in login()

git-svn-id: https://code.elgg.org/elgg/trunk@2745 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 6 insertions, 3 deletions

diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index dfe2bda53..468bc2233 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -192,10 +192,13 @@
 				
 	            if ($user = get_user_by_username($credentials['username'])) {
 	            		            	
-	            	// Let admins log in without validating their email, but normal users must have validated their email
-					if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned()))
+	            	// Let admins log in without validating their email, but normal users must have validated their email or been admin created
+					if ((!$user->admin) && (!$user->validated) && (!$user->admin_created))
 						return false;
-	          	
+	          	

+					 // User has been banned, so bin them.

+					 if ($user->isBanned()) return false;

+						
 	                 if ($user->password == generate_user_password($user, $credentials['password'])) 
 	                 	
 	                 	return true;