diff options
| -rw-r--r-- | engine/lib/sessions.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 2c84b2d1f..a47415d64 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -75,7 +75,12 @@ { //$dbpassword = md5($credentials['password']); + if ($user = get_user_by_username($credentials['username'])) { + // Let admins log in without validating their email, but normal users must have validated their email + if ((!$user->admin) && (!$user->validated_email)) + return false; + if ($user->password == generate_user_password($user, $credentials['password'])) { return true; } |