Changeset 316

Timestamp:

04/25/12 17:07:22 (13 years ago)

Author:

Kris Deugau

Message:

/trunk

Fix embarrasing bug in login process; account status was ignored
and disabled accounts could still log in.

File:

• trunk/DNSDB.pm (modified) (2 diffs)

trunk/DNSDB.pm

@@ -1149 +1149 @@
 ## DNSDB::login()
 # Takes a database handle, username and password
-# Returns a userdata hash (UID, GID, username, fullname parts) if username exists
-# and password matches the one on file
+# Returns a userdata hash (UID, GID, username, fullname parts) if username exists,
+# password matches the one on file, and account is not disabled
 # Returns undef otherwise
 sub login {
@@ -1157 +1157 @@
   my $pass = shift;
 
-  my $userinfo = $dbh->selectrow_hashref("SELECT user_id,group_id,password,firstname,lastname FROM users WHERE username=?",
+  my $userinfo = $dbh->selectrow_hashref("SELECT user_id,group_id,password,firstname,lastname,status".
+        " FROM users WHERE username=?",
         undef, ($user) );
   return if !$userinfo;
+  return if !$userinfo->{status};
 
   if ($userinfo->{password} =~ m|^\$1\$([A-Za-z0-9/.]+)\$|) {