From d9616cbe16c48f3350e98c74b3a3a4dfd9c24864 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Mon, 11 Feb 2002 12:42:23 +0000 Subject: [PATCH] Fix bug #515510 prevent autologin of inactive users git-svn-id: file:///svn/phpbb/trunk@2083 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/sessions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/sessions.php b/phpBB/includes/sessions.php index a8a36f1dc7..2c19730700 100644 --- a/phpBB/includes/sessions.php +++ b/phpBB/includes/sessions.php @@ -66,7 +66,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a // what's needed is a session timer in the user table // + the user_lastvisit ... damn damn damn damn and blast // - $sql = "SELECT user_password, user_session_time, user_email + $sql = "SELECT user_password, user_session_time, user_email, user_active FROM " . USERS_TABLE . " WHERE user_id = $user_id"; $result = $db->sql_query($sql); @@ -81,7 +81,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a if( $auto_create ) { - if( isset($sessiondata['autologinid']) ) + if( isset($sessiondata['autologinid']) && $row['user_active'] ) { // We have to login automagically if( $sessiondata['autologinid'] == $auto_login_key )