authorLuke Shumaker <lukeshu@sbcglobal.net>2011-09-25 21:58:38 -0700
committerLuke Shumaker <lukeshu@sbcglobal.net>2011-09-25 21:58:38 -0700
commit66f999c511833d7577a1f3d772c757e854f4f4ff (patch)
tree5782639217b74ba6b320e85de5f2ba2f47f32200 /src
parent8f42ee3fbd7a058cd51c85be0ec970ae5703b682 (diff)
don't allow deleted users to log in. (They'd get permission denied on everything, but they could log in)
Diffstat (limited to 'src')
-rw-r--r--src/lib/Login.class.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/lib/Login.class.php b/src/lib/Login.class.php
index 28675f6..870774a 100644
--- a/src/lib/Login.class.php
+++ b/src/lib/Login.class.php
@@ -7,13 +7,18 @@ class Login {
public static function login($username, $password) {
global $mm;
- $uid = $mm->database()->getUID($username);
+ $db = $mm->database();
+ $hasher = $mm->hasher();
+
+ $uid = $db->getUID($username);
+ if ($uid!==false && $db->getStatus($uid)>=3)
+ $uid=false;
if ($uid===false) {
// user does not exist
return 2;
}
- $hash = $mm->database()->getPasswordHash($uid);
- if ($mm->hasher()->CheckPassword($password, $hash)) {
+ $hash = $db->getPasswordHash($uid);
+ if ($hasher->CheckPassword($password, $hash)) {
// success
$_SESSION['uid'] = $uid;
return 0;
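Review bot: The added status check `$db->getStatus($uid)>=3` fails open. If `getStatus()` can return `false` or `null` on a lookup error (its contract is not visible here, but `getUID()` signals a miss with `false`), the comparison is false and the account is treated as active. Deny on anything that is not a known-good status by keeping the `$uid!==false` guard and using `$status = $db->getStatus($uid);` followed by `if (!is_numeric($status) || $status>=3) $uid=false;`. Give the bare `3` a named constant with a comment saying which states it covers. Separately, the success branch sets `$_SESSION['uid']` with no `session_regenerate_id(true)` visible, so a session ID issued before login would stay valid afterwards unless that is handled elsewhere; `login()` continues past the end of this hunk.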