From e80684accad609a3dcd859f0ef2d8f4293502a21 Mon Sep 17 00:00:00 2001 From: Graham Eames Date: Fri, 13 Jan 2006 19:29:50 +0000 Subject: [PATCH] Some changes to the checks on login attempts: - handling reauthentication to the ACP - handling inactive users git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5445 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/login.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/phpBB/login.php b/phpBB/login.php index c8a572d7a9..6008525cb4 100644 --- a/phpBB/login.php +++ b/phpBB/login.php @@ -82,7 +82,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($ // Check to see if user is allowed to login again... if his tries are exceeded if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && - $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts']) + $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] == ADMIN) { message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); } @@ -107,7 +107,8 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($ message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } - else + // Only store a failed login attempt for an active user - inactive users can't login even with a correct password + elseif( $row['user_active'] ) { // Save login tries and last login if ($row['user_id'] != ANONYMOUS)
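Review bot: In the first hunk (the attempts-exceeded check at -82/+82), the added clause `&& $userdata['user_level'] == ADMIN` makes the lockout fire only when the requesting session already has admin level. A visitor without such a session therefore appears never to be stopped by `max_login_attempts`. The commit message mentions handling reauthentication to the ACP, which suggests the intent was to exempt that case rather than restrict the lockout to it; if so, the comparison is inverted and should read `&& $userdata['user_level'] != ADMIN`. `$userdata` is populated outside the hunk, so confirm it describes the current session and not the account held in `$row`. A comment on the condition, such as `// lockout is skipped only for an admin re-authenticating to the ACP`, would record why the session level is consulted here.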
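Review bot: In the second hunk, replacing `else` with `elseif( $row['user_active'] )` leaves no branch for an inactive account, so everything this block does besides updating the counters is skipped for those accounts too. The block's body continues past the end of the hunk. If the failure message and redirect live inside it, an inactive account would get a different response from an active one, which loses the error and also discloses the account's state. Keeping `else` and narrowing only the counter update, `if ($row['user_id'] != ANONYMOUS && $row['user_active'])`, would limit the change to what the new comment describes.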