From c4e4dc3a44290814c557a0a9eae347d596c230fb Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Thu, 28 Dec 2023 22:18:39 -0500
Subject: [PATCH] Do not allow archived client contacts client portal login access
---
 portal/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/portal/login.php b/portal/login.php
index 9d012428..e018aba0 100644
--- a/portal/login.php
+++ b/portal/login.php
@@ -50,7 +50,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
 if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
 $_SESSION['login_message'] = 'Invalid e-mail';
 } else {
- $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");
+ $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_archived_at IS NULL LIMIT 1");
 $row = mysqli_fetch_array($sql);
 if ($row['contact_auth_method'] == 'local') {
 if (password_verify($password, $row['contact_password_hash'])) {
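Review bot: The rewritten `$sql = mysqli_query(...)` line still builds the statement by interpolating `$email`, and `FILTER_VALIDATE_EMAIL` accepts a single quote in the local part, so the validation shown does not by itself make the value safe to embed. Whether `$email` is escaped before this point is not visible in the hunk, and binding the validated address as a parameter removes that dependency (bind the unescaped value, or it will be escaped twice). The added `contact_archived_at IS NULL` filter also makes an empty result the expected outcome for an archived contact, and `$row['contact_auth_method']` is then read from a non-array value, so the row should be checked before it is indexed. The enclosing POST-handling block starts and ends outside the hunk, so the failure branch an archived contact ends up in cannot be confirmed from here.

```php
// … unchanged: e-mail validation and the opening of the else branch …
$stmt = mysqli_prepare($mysqli, "SELECT * FROM contacts WHERE contact_email = ? AND contact_archived_at IS NULL LIMIT 1");
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$row = mysqli_fetch_array(mysqli_stmt_get_result($stmt));
if (is_array($row) && $row['contact_auth_method'] == 'local') {
// … unchanged: password_verify branch …
```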