From 03b88dc9fba2991f68ff04ecd3313bf4e3f37f55 Mon Sep 17 00:00:00 2001
From: Trevor Slocum <trevor@rocketnine.space>
Date: Sun, 4 Apr 2021 17:12:17 -0700
Subject: [PATCH] Deny access to disabled accounts

---
 inc/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/functions.php b/inc/functions.php
index 722ad09..8f7372b 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -370,7 +370,7 @@ function manageCheckLogIn($requireKey) {
 
 	if (isset($_SESSION['tinyib_username']) && isset($_SESSION['tinyib_password'])) {
 		$a = accountByUsername($_SESSION['tinyib_username']);
-		if (!empty($a) && $a['password'] == $_SESSION['tinyib_password']) {
+		if (!empty($a) && $a['password'] == $_SESSION['tinyib_password'] && $a['role'] != TINYIB_DISABLED) {
 			$account = $a;
 			$loggedin = true;
 			if ($account['role'] == TINYIB_SUPER_ADMINISTRATOR || $account['role'] == TINYIB_ADMINISTRATOR) {