Merge branch '3.0'

[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / page / AbstractAuthedPage.class.php

diff --git a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
index ddb833b8c5d76540ecf98dae7d989dcd0c9ba935..a9a3bca9994f913c59d4804281bc175d73f19de1 100644 (file)
--- a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
@@ -46,8 +46,8 @@ abstract class AbstractAuthedPage extends AbstractPage {
                        }
                        else {
                                $user = new User($userID);
-                               if (CryptoUtil::secureCompare($user->accessToken, $token)) {
-                                       // token is valid -> change user
+                               if (CryptoUtil::secureCompare($user->accessToken, $token) && !$user->banned) {
+                                       // token is valid and user is not banned -> change user
                                        SessionHandler::getInstance()->changeUser($user, true);
                                }
                                else {