Will now handle banned users

git-svn-id: https://code.elgg.org/elgg/trunk@2110 36083f99-b078-4883-b0ff-0f9b5a30f544
author: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2008-09-24 13:22:43 +0000
committer: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2008-09-24 13:22:43 +0000
commit: 086c820cdcab834fe252ff2e76fa84afd491a3f2 (patch)
tree: 8578ed22da863c81d891538fae28a4fd349decf3 /engine/lib/api.php
parent: db3543cf2a9e59243c1b35be0078a0b9535a8824 (diff)
download: elgg-086c820cdcab834fe252ff2e76fa84afd491a3f2.tar.gz
elgg-086c820cdcab834fe252ff2e76fa84afd491a3f2.tar.bz2
1 files changed, 5 insertions, 2 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index a44a4fc72..3b84e9341 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -749,8 +749,11 @@
 		
 		$validated_userid = validate_user_token($CONFIG->site_id, $token); 
 		
-		if ($validated_userid)
-			login(get_entity($validated_userid));
+		if ($validated_userid) {
+			$u = get_entity($validated_userid);
+			if (!$u) return false; // Could we get the user?
+			if (!login($u)) return false; // Fail if we couldn't log the user in (likely means they were banned).
+		}
 		
 		if ((!$METHODS[$method]["require_auth_token"]) || ($validated_userid) || (isloggedin()))
 			return true;
author	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2008-09-24 13:22:43 +0000
committer	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2008-09-24 13:22:43 +0000
commit	086c820cdcab834fe252ff2e76fa84afd491a3f2 (patch)
tree	8578ed22da863c81d891538fae28a4fd349decf3 /engine/lib/api.php
parent	db3543cf2a9e59243c1b35be0078a0b9535a8824 (diff)
download	elgg-086c820cdcab834fe252ff2e76fa84afd491a3f2.tar.gz elgg-086c820cdcab834fe252ff2e76fa84afd491a3f2.tar.bz2