From 629b7ccee6e9f2aad581645407b86252983f799b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Tue, 11 Feb 2020 11:32:41 +0100
Subject: [PATCH] Properly handle userIDs referring to non-existent users in
 AbstractAuthedPage

This commit completes 33989f299121bfb3b82c40f3257f404fc23b3c1c.
---
 wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
index 995768b09f..86ec3056f4 100644
--- a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
@@ -47,7 +47,7 @@ abstract class AbstractAuthedPage extends AbstractPage {
 				}
 				else {
 					$user = new User($userID);
-					if (\hash_equals($user->accessToken, $token) && !$user->banned) {
+					if ($user->userID && $user->accessToken && \hash_equals($user->accessToken, $token) && !$user->banned) {
 						// token is valid and user is not banned -> change user
 						SessionHandler::getInstance()->changeUser($user, true);
 					}
-- 
2.20.1