From 6c126ec78e8883603febefe92093bc09ea4d0e6d Mon Sep 17 00:00:00 2001
From: Mike Koch
Date: Fri, 24 Oct 2014 20:23:19 -0400
Subject: [PATCH] #59 We check for an active user on login
---
 admin/index.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/admin/index.php b/admin/index.php
index f5bab287..f23f0ffe 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -197,10 +197,21 @@ function do_login()
 unset($_SESSION['pass']);
+
+
 /* Login successful, clean brute force attempts */
 hesk_cleanBfAttempts();
- /* Regenerate session ID (security) */
+ /* Make sure our user is active */
+ if (!$_SESSION['active']) {
+ hesk_session_stop();
+ $_SESSION['a_iserror'] = array('active');
+ hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
+ print_login();
+ exit();
+ }
+
+ /* Regenerate session ID (security) */
 hesk_session_regenerate_id();
 /* Remember username? */
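Review bot: The inactive-account check sits after `hesk_cleanBfAttempts();`, so a login that is then rejected as inactive has already cleared the brute-force counter; moving the whole `if (!$_SESSION['active']) { ... }` block above that call would leave the counter untouched for rejected logins. The check reads `$_SESSION['active']`, which suggests the account row was copied into the session before this point (outside the hunk), so the rejection relies on `hesk_session_stop()` discarding that data completely; that is worth confirming, because `$_SESSION['a_iserror']` is written again immediately afterwards. do_login() starts and ends outside the hunk, and any other authentication path not shown here (a remembered-login path, if one exists) would presumably need the same active check.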