
Sperre Login für gesperrte User

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2112 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on06/01/2012 15:04:32
Showing2 changed files
... ...
@@ -25,13 +25,13 @@ function find_role($login, $password, $i_am_admin = False)
25 25
   $uid = (int) $login;
26 26
   if ($uid == 0)
27 27
     $uid = 'NULL';
28
-  $result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
28
+  $result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
29 29
   if (@mysql_num_rows($result) > 0)
30 30
   {
31 31
     $entry = mysql_fetch_object($result);
32 32
     $db_password = $entry->password;
33 33
     $hash = crypt($password, $db_password);
34
-    if ($hash == $db_password || $i_am_admin)
34
+    if (($entry->status == 0 && $hash == $db_password) || $i_am_admin)
35 35
     {
36 36
       $role = ROLE_SYSTEMUSER;
37 37
       if ($entry->primary)
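Review bot: The new lock check `$entry->status == 0` is a loose comparison, so a row whose `status` comes back as NULL is treated as unlocked and the login proceeds. A strict comparison such as `$entry->status === '0'` would fail closed, assuming the database layer returns column values as strings. The password test on the same line, `$hash == $db_password`, is loose as well and would be safer as `===`. The `|| $i_am_admin` branch skips both checks, so a locked account stays reachable through it; if that is intended, a one-line comment saying so would help. Separately, the changed query still interpolates `{$login}` into the SQL string, and whether `$login` is escaped earlier in find_role cannot be seen here because the function starts and ends outside the hunk.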
... ...
@@ -29,7 +29,7 @@ if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_passwor
29 29
   if ($role === NULL)
30 30
   {
31 31
     $_SESSION['role'] = ROLE_ANONYMOUS;
32
-    logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['username']}«)");
32
+    logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['webinterface_username']}«)");
33 33
     login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
34 34
   }
35 35
   else
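Review bot: The corrected log line interpolates `$_POST['webinterface_username']` unmodified into the message, so a submitted name containing line breaks or control characters could split or forge log entries unless logger() neutralises them, which is not visible here. Stripping control characters and bounding the length before logging would cover it, for example `$logname = substr(preg_replace('/[\x00-\x1f\x7f]/', '', $_POST['webinterface_username']), 0, 64);` (the 64 is a constructed limit). If find_role returns NULL for a locked account, that case now also lands in this `$role === NULL` branch, so "wrong user data" no longer separates a locked-out user from a bad password when reading the log. The enclosing `if` block starts and ends outside the hunk.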