bug #80

18 years ago · ab2db05cec
parent 3e32cf1ca6
commit ab2db05cec
2 changed files with 13 additions and 6 deletions
--- a/includes/general.php
+++ b/includes/general.php
@ -163,10 +163,17 @@

 	if($_SESSION['profile']['id'] > 0)
 	{
-		$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
-		$res = mysql_query($query);
-		$row = mysql_fetch_assoc($res);
-		$_SESSION['profile']['points'] = $row['total'];
+		$locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'"));
+		if($locked['locked'] == 0)
+		{
+			$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+			$res = mysql_query($query);
+			$row = mysql_fetch_assoc($res);
+			$_SESSION['profile']['points'] = $row['total'];
+		} else {
+			$_SESSION['profile'] = "";
+			unset($_SESSION['profile']);
+		}
 	}

 	function loadem($section = "index")
--- a/www/index.php
+++ b/www/index.php
@ -148,7 +148,7 @@
 		if(mysql_num_rows($res) > 0)
 		{
 			$row = mysql_fetch_assoc($res);
-			$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0"));
+			$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0 and `locked`=0"));
 			if($_SESSION['profile']['id'] != 0)
 			{
 				$_SESSION['profile']['loggedin'] = 1;
@ -176,7 +176,7 @@
 		$email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
 		$pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
 		$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
-						`password`=password('$pword')) and `verified`=1 and `deleted`=0";
+						`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) > 0)
 		{