From a1a3677c24ef96dbf682a83743a6fce7111eac2a Mon Sep 17 00:00:00 2001 From: marcus Date: Fri, 13 Feb 2009 14:21:48 +0000 Subject: Fixed logic bug in login() git-svn-id: https://code.elgg.org/elgg/trunk@2745 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/sessions.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'engine') diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index dfe2bda53..468bc2233 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -192,10 +192,13 @@ if ($user = get_user_by_username($credentials['username'])) { - // Let admins log in without validating their email, but normal users must have validated their email - if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned())) + // Let admins log in without validating their email, but normal users must have validated their email or been admin created + if ((!$user->admin) && (!$user->validated) && (!$user->admin_created)) return false; - + + // User has been banned, so bin them. + if ($user->isBanned()) return false; + if ($user->password == generate_user_password($user, $credentials['password'])) return true; -- cgit v1.2.3