From 086c820cdcab834fe252ff2e76fa84afd491a3f2 Mon Sep 17 00:00:00 2001 From: marcus Date: Wed, 24 Sep 2008 13:22:43 +0000 Subject: Will now handle banned users git-svn-id: https://code.elgg.org/elgg/trunk@2110 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/api.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'engine/lib') diff --git a/engine/lib/api.php b/engine/lib/api.php index a44a4fc72..3b84e9341 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -749,8 +749,11 @@ $validated_userid = validate_user_token($CONFIG->site_id, $token); - if ($validated_userid) - login(get_entity($validated_userid)); + if ($validated_userid) { + $u = get_entity($validated_userid); + if (!$u) return false; // Could we get the user? + if (!login($u)) return false; // Fail if we couldn't log the user in (likely means they were banned). + } if ((!$METHODS[$method]["require_auth_token"]) || ($validated_userid) || (isloggedin())) return true; -- cgit v1.2.3