From 016811c4143410552940554aa45131679b03ff7f Mon Sep 17 00:00:00 2001 From: Stephan Kasdorf Date: Mon, 7 Sep 2020 21:26:20 +0200 Subject: [PATCH] Version 0.9.5 beta - added account activation on the auth extension in the core, now users can be enabled and disabled by standard. --- core/c/auth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/c/auth.php b/core/c/auth.php index ba8b185..116a6d8 100644 --- a/core/c/auth.php +++ b/core/c/auth.php @@ -52,8 +52,8 @@ class Auth extends Controller implements IAuth if(!array_key_exists('auth', $_SESSION)) { - $user_password = Pdo::query("SELECT DES_DECRYPT(user_pass, '".Config::getInstance()->getConfig()[IView::NIBIRU_SECURITY]["password_hash"]."') AS pass FROM user WHERE user_login = '".$login."';"); - if( $user_password["pass"] == $password ) + $user_password = Pdo::query("SELECT user_account_active, DES_DECRYPT(user_pass, '".Config::getInstance()->getConfig()[IView::NIBIRU_SECURITY]["password_hash"]."') AS pass FROM user WHERE user_login = '".$login."';"); + if( $user_password["pass"] == $password && $user_password['user_account_active'] ) { $session_id = session_id(); $_SESSION['auth']['id'] = $session_id;