From ab2db05cec6ecf8d05d8208cb3b921a9db34831d Mon Sep 17 00:00:00 2001
From: root <root@www.cacert.org>
Date: Wed, 16 Aug 2006 06:08:12 +0000
Subject: [PATCH] bug #80

---
 includes/general.php | 15 +++++++++++----
 www/index.php        |  4 ++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/includes/general.php b/includes/general.php
index 0cbe1e7..c59a421 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -163,10 +163,17 @@
 
 	if($_SESSION['profile']['id'] > 0)
 	{
-		$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
-		$res = mysql_query($query);
-		$row = mysql_fetch_assoc($res);
-		$_SESSION['profile']['points'] = $row['total'];
+		$locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'"));
+		if($locked['locked'] == 0)
+		{
+			$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+			$res = mysql_query($query);
+			$row = mysql_fetch_assoc($res);
+			$_SESSION['profile']['points'] = $row['total'];
+		} else {
+			$_SESSION['profile'] = "";
+			unset($_SESSION['profile']);
+		}
 	}
 
 	function loadem($section = "index")
diff --git a/www/index.php b/www/index.php
index 079249f..4e815a5 100644
--- a/www/index.php
+++ b/www/index.php
@@ -148,7 +148,7 @@
 		if(mysql_num_rows($res) > 0)
 		{
 			$row = mysql_fetch_assoc($res);
-			$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0"));
+			$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0 and `locked`=0"));
 			if($_SESSION['profile']['id'] != 0)
 			{
 				$_SESSION['profile']['loggedin'] = 1;
@@ -176,7 +176,7 @@
 		$email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
 		$pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
 		$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
-						`password`=password('$pword')) and `verified`=1 and `deleted`=0";
+						`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) > 0)
 		{