Deny access to disabled accounts

This commit is contained in:
Trevor Slocum 2021-04-04 17:12:17 -07:00
parent e92bea8849
commit 03b88dc9fb
1 changed files with 1 additions and 1 deletions

View File

@ -370,7 +370,7 @@ function manageCheckLogIn($requireKey) {
if (isset($_SESSION['tinyib_username']) && isset($_SESSION['tinyib_password'])) {
$a = accountByUsername($_SESSION['tinyib_username']);
if (!empty($a) && $a['password'] == $_SESSION['tinyib_password']) {
if (!empty($a) && $a['password'] == $_SESSION['tinyib_password'] && $a['role'] != TINYIB_DISABLED) {
$account = $a;
$loggedin = true;
if ($account['role'] == TINYIB_SUPER_ADMINISTRATOR || $account['role'] == TINYIB_ADMINISTRATOR) {