author | Luke Shumaker <lukeshu@sbcglobal.net> | 2011-09-25 21:58:38 -0700 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2011-09-25 21:58:38 -0700 |
commit | 66f999c511833d7577a1f3d772c757e854f4f4ff (patch) | |
tree | 5782639217b74ba6b320e85de5f2ba2f47f32200 | |
parent | 8f42ee3fbd7a058cd51c85be0ec970ae5703b682 (diff) |
don't allow deleted users to log in. (They'd get permission denied on everything, but they could log in)
-rw-r--r-- | src/lib/Login.class.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/lib/Login.class.php b/src/lib/Login.class.php index 28675f6..870774a 100644 --- a/src/lib/Login.class.php +++ b/src/lib/Login.class.php @@ -7,13 +7,18 @@ class Login { public static function login($username, $password) { global $mm; - $uid = $mm->database()->getUID($username); + $db = $mm->database(); + $hasher = $mm->hasher(); + + $uid = $db->getUID($username); + if ($uid!==false && $db->getStatus($uid)>=3) + $uid=false; if ($uid===false) { // user does not exist return 2; } - $hash = $mm->database()->getPasswordHash($uid); - if ($mm->hasher()->CheckPassword($password, $hash)) { + $hash = $db->getPasswordHash($uid); + if ($hasher->CheckPassword($password, $hash)) { // success $_SESSION['uid'] = $uid; return 0; |
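Review bot: The new guard `if ($uid!==false && $db->getStatus($uid)>=3)` fails open if `getStatus()` ever returns `false` or `null` (for example on a failed lookup), because PHP evaluates `false>=3` as false and login() then goes on to the password check; `getStatus()` is not visible here, so its return contract should be confirmed. Rejecting anything that is not a known-good status makes the check deny by default, e.g. `$status = $db->getStatus($uid);` followed by `if (!is_numeric($status) || $status>=3) $uid=false;` inside the `$uid!==false` branch. The bare `3` should also become a named constant or carry a comment such as `// status >= 3: deleted account, treated as nonexistent` (meaning taken from the commit message), since the existing `// user does not exist` comment now covers deleted accounts as well. The body of login() continues past the end of the hunk.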