#59 We check for an active user on login

2014-10-24 20:23:19 -04:00 · 2014-10-24 20:23:19 -04:00 · 6c126ec78e
commit 6c126ec78e
parent 270a796090
1 changed files with 12 additions and 1 deletions
--- a/admin/index.php
+++ b/admin/index.php
@ -197,10 +197,21 @@ function do_login()

 	unset($_SESSION['pass']);

+
+
 	/* Login successful, clean brute force attempts */
 	hesk_cleanBfAttempts();

-	/* Regenerate session ID (security) */
+    /* Make sure our user is active */
+    if (!$_SESSION['active']) {
+        hesk_session_stop();
+        $_SESSION['a_iserror'] = array('active');
+        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
+        print_login();
+        exit();
+    }
+
+    /* Regenerate session ID (security) */
 	hesk_session_regenerate_id();

 	/* Remember username? */