From a1a3677c24ef96dbf682a83743a6fce7111eac2a Mon Sep 17 00:00:00 2001
From: marcus
Date: Fri, 13 Feb 2009 14:21:48 +0000
Subject: Fixed logic bug in login()

git-svn-id: https://code.elgg.org/elgg/trunk@2745 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/sessions.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'engine/lib/sessions.php')

diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index dfe2bda53..468bc2233 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -192,10 +192,13 @@
  if ($user = get_user_by_username($credentials['username'])) {
- // Let admins log in without validating their email, but normal users must have validated their email
- if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned()))
+ // Let admins log in without validating their email, but normal users must have validated their email or been admin created
+ if ((!$user->admin) && (!$user->validated) && (!$user->admin_created))
  return false;
-
+
+ // User has been banned, so bin them.
+ if ($user->isBanned()) return false;
+
  if ($user->password == generate_user_password($user, $credentials['password'])) return true;
-- 
cgit v1.2.3
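Review bot: The password check at the end of the hunk, `if ($user->password == generate_user_password($user, $credentials['password']))`, is an unchanged context line, but it still compares the stored and computed values with loose `==`, which lets PHP coerce numeric-looking strings before comparing and is not constant-time. Changing it to `if ($user->password === generate_user_password($user, $credentials['password']))` removes the coercion, and `hash_equals()` would also remove the timing difference on PHP versions that provide it. What generate_user_password() returns is not visible here, so whether coercion is actually reachable depends on its output format. The new `if ($user->isBanned()) return false;` now runs for every account, admins included, and a comment such as `// Applies to all accounts, including admins.` would record that this is intended. The enclosing function starts and ends outside the hunk.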