From 8958e99d3747b0d1ccd47565701399e58074eea9 Mon Sep 17 00:00:00 2001
From: Andrew McMillan
Date: Tue, 13 Apr 2010 03:45:00 +1200
Subject: [PATCH] Inactive users should not still be able to access their calendars.
---
 inc/HTTPAuthSession.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/inc/HTTPAuthSession.php b/inc/HTTPAuthSession.php
index c4d234e7..344530ad 100644
--- a/inc/HTTPAuthSession.php
+++ b/inc/HTTPAuthSession.php
@@ -233,8 +233,8 @@ class HTTPAuthSession {
 }
 if ( $usr = getUserByName($username) ) {
- dbg_error_log( "BasicAuth", ":CheckPassword: Name:%s, Pass:%s, File:%s", $username, $password, $usr->password );
- if ( session_validate_password( $password, $usr->password ) ) {
+ dbg_error_log( "BasicAuth", ":CheckPassword: Name:%s, Pass:%s, File:%s, Active:%s", $username, $password, $usr->password, ($usr->active?'Yes':'No') );
+ if ( $usr->active && session_validate_password( $password, $usr->password ) ) {
 return $usr;
 }
 }
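Review bot: The extended `dbg_error_log` call on the new side still writes the submitted cleartext password (`Pass:%s`) and the stored password value (`File:%s`) to the debug log, so anyone who can read that log obtains credentials from every Basic-auth attempt that reaches this line. Drop both fields and keep the new flag, e.g. `dbg_error_log( "BasicAuth", ":CheckPassword: Name:%s, Active:%s", $username, ($usr->active?'Yes':'No') );`. Separately, `$usr->active` is tested by truthiness only; if getUserByName() returns the column as a string such as 'f' (not visible here, worth confirming), the new guard would still pass for inactive users. The enclosing method starts and ends outside this hunk.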