mirror of
https://github.com/itflow-org/itflow
synced 2026-02-28 02:44:53 +00:00
Remove delete user post.php code. Deleting users means we'll lose all tickets/replies which isn't great.
Correct user archive behaviour so that archived users can no longer log in. We still need to add the ability to quickly disable/enable user accounts, as archiving is being used as a permanent action. Refactor the "You are not permitted to do that!" wording into a constant instead.
12
login.php
12
login.php
@@ -8,17 +8,13 @@ if(!file_exists('config.php')){
|
||||
include("config.php");
|
||||
include("functions.php");
|
||||
|
||||
//SESSION FINGERPRINT
|
||||
// SESSION FINGERPRINT
|
||||
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
|
||||
//$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
|
||||
//$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
|
||||
//$device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
|
||||
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
|
||||
|
||||
//$user_agent = "$os - $browser";
|
||||
// Get user agent
|
||||
// User agent
|
||||
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
|
||||
|
||||
|
||||
// HTTP Only cookies
|
||||
ini_set("session.cookie_httponly", True);
|
||||
|
||||
@@ -59,7 +55,7 @@ if(isset($_POST['login'])){
|
||||
if(isset($_POST['current_code'])){
|
||||
$current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code']));
|
||||
}
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_email = '$email'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_email = '$email' AND user_archived_at IS NULL");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
if (password_verify($password, $row['user_password'])) {
|
||||
|
||||
|
||||
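Review bot: In the second hunk, the new `SELECT ... AND user_archived_at IS NULL` query returns no row for an archived (or unknown) address, yet `$row['user_password']` is still read on the following lines without checking that a row was fetched; I would guard it, e.g. `if ($row && password_verify($password, $row['user_password'])) {`, so the rejection is explicit rather than depending on `password_verify()` failing on a null hash. The query also still interpolates `$email` into the SQL string; its escaping is not visible in this hunk, and a prepared statement (`mysqli_prepare` with a bound `user_email` parameter) would remove that dependency. This filter only stops new logins: if the per-request session check (not shown on this page) does not also test `user_archived_at`, a user archived while signed in presumably keeps their session until it expires. The `if(isset($_POST['login']))` block starts and ends outside the hunk.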