diff --git a/index.php b/index.php
index 7dda2450..3b50f18f 100644
--- a/index.php
+++ b/index.php
@@ -119,15 +119,23 @@ if ($action == 'login') {
 redirectTo('index.php', array('showmessage' => '3'));
 exit;
 } elseif (validatePasswordLogin($userinfo, $password, $table, $uid)) {
- // login correct
- // reset loginfail_counter, set lastlogin_succ
- $stmt = Database::prepare("UPDATE $table
- SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
- WHERE `$uid`= :uid"
- );
- Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
- $userinfo['userid'] = $userinfo[$uid];
- $userinfo['adminsession'] = $adminsession;
+ // only show "you're banned" if the login was successfull
+ // because we don't want to publish that the user does exist
+ if ($userinfo['deactivated']) {
+ unset($userinfo);
+ redirectTo('index.php', array('showmessage' => '5'));
+ exit;
+ } else {
+ // login correct
+ // reset loginfail_counter, set lastlogin_succ
+ $stmt = Database::prepare("UPDATE $table
+ SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
+ WHERE `$uid`= :uid"
+ );
+ Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
+ $userinfo['userid'] = $userinfo[$uid];
+ $userinfo['adminsession'] = $adminsession;
+ }
 } else {
 // login incorrect
 $stmt = Database::prepare("UPDATE $table
@@ -269,6 +277,9 @@ if ($action == 'login') {
 case 7:
 $message = $lng['pwdreminder']['wrongcode'];
 break;
+ case 8:
+ $message = $lng['pwdreminder']['notallowed'];
+ break;
 }
 $update_in_progress = '';
@@ -326,8 +337,8 @@ if ($action == 'forgotpwd') {
 /* Check whether user is banned */
 if ($user['deactivated']) {
- $message = $lng['pwdreminder']['notallowed'];
- redirectTo('index.php', array('showmessage' => '5'));
+ redirectTo('index.php', array('showmessage' => '8'));
+ exit;
 }
 if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {
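Review bot: The new `if ($userinfo['deactivated'])` branch in the login hunk exits after a correct password without writing anything: the `UPDATE` that resets `loginfail_count` is skipped and no log call is visible in the hunk. A correct password presented for a deactivated account is worth an audit record, because it shows that still-valid credentials are in use; if logins are logged elsewhere in the project, that logging should cover this branch too. The comment above the check would read more precisely as `// reveal the deactivated state only after the password was verified, so a failed login does not disclose that the account exists`. The surrounding `if ($action == 'login')` block starts and ends outside the hunk.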
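Review bot: In the `forgotpwd` hunk the redirect with `showmessage` `8` tells an unauthenticated requester that the account exists and is deactivated, which is the disclosure the comment in the login hunk sets out to avoid. No password has been verified in the visible lines at this point, and how `$user` is looked up lies outside the hunk, so the exposure depends on what the reminder form requires. Consider answering a deactivated account with the same response an unknown user gets, and state the choice in a comment such as `// deactivated users get the generic reply so the reminder form does not confirm the account`. The enclosing `if ($action == 'forgotpwd')` block continues beyond the hunk.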