From 897af06af9522ded99b1e0f46730299e89856ffe Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 11 Jun 2012 05:00:57 -0400
Subject: [PATCH] Updated version number to 3.0.4.6
---
 interface/web/login/index.php | 10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index be91708..1c5dc91 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -106,21 +106,27 @@
 if($alreadyfailed['times'] > 5) {
 $error = $app->lng('error_user_too_many_logins');
 } else {
+
 if ($loginAs){
 $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
 $user = $app->db->queryOneRecord($sql);
 } else {
 $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";
 $user = $app->db->queryOneRecord($sql);
- if($user && $user['active'] == 1) {
+
+ if($user) {
+
 $saved_password = stripslashes($user['passwort']);
+
 if(substr($saved_password,0,3) == '$1$') {
 //* The password is crypt-md5 encrypted
 $salt = '$1$'.substr($saved_password,3,8).'$';
- if(crypt($passwort,$salt) != $saved_password) {
+
+ if(crypt(stripslashes($passwort),$salt) != $saved_password) {
 $user = false;
 }
 } else {
+
 //* The password is md5 encrypted
 if(md5($passwort) != $saved_password) {
 $user = false;
--
Gitblit v1.9.1
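Review bot: The new `if($user) {` drops the `$user['active'] == 1` condition, so within this hunk a deactivated account whose password verifies keeps a non-false `$user`. The enclosing block starts and ends outside the hunk, so unless the flag is re-tested before the session is created, the guard should stay as `if($user && $user['active'] == 1) {`. The added `stripslashes()` is applied only in the crypt-md5 branch while the md5 branch still hashes the raw `$passwort`, so the two branches now disagree on the input form; `if(md5(stripslashes($passwort)) != $saved_password) {` would align them, assuming `$passwort` really is escaped upstream. Both hash checks use loose `!=`, which is neither type-strict nor constant-time; `if(!hash_equals($saved_password, crypt(stripslashes($passwort), $salt))) {` is the safer form where `hash_equals()` is available. The queries interpolate `$username` and `$passwort` directly into the SQL strings, and their escaping is not visible here, so it is worth confirming or moving to bound parameters.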