From caeb660f29d13db62d5381c262aa03e12f201ea2 Mon Sep 17 00:00:00 2001
From: Alexis Degrugillier <aledeg@users.noreply.github.com>
Date: Sun, 14 Jun 2020 19:50:09 +0200
Subject: Add a way to disable/enable users (#3056)

If you want to block users without deleting their account, you can now
disable them from the interface.
---
 app/Controllers/authController.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'app/Controllers/authController.php')

diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index d158092bf..cef8f9d2d 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -131,6 +131,11 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 				return;
 			}
 
+			if (!$conf->enabled) {
+				Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
+				return;
+			}
+
 			$ok = FreshRSS_FormAuth::checkCredentials(
 				$username, $conf->passwordHash, $nonce, $challenge
 			);
-- 
cgit v1.2.3