* A missing token will be ignored, an invalid token results in a throw of a IllegalLinkException.
*
* @author Tim Duesterhus
- * @copyright 2001-2017 WoltLab GmbH
+ * @copyright 2001-2018 WoltLab GmbH
* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
* @package WoltLabSuite\Core\Page
*/
}
else {
$user = new User($userID);
- if (CryptoUtil::secureCompare($user->accessToken, $token)) {
- // token is valid -> change user
+ if (CryptoUtil::secureCompare($user->accessToken, $token) && !$user->banned) {
+ // token is valid and user is not banned -> change user
SessionHandler::getInstance()->changeUser($user, true);
}
else {