MDL-50090 user: suspended user can login upon conrimation

diff --git a/login/confirm.php b/login/confirm.php
index 18153ea..a7ba661 100644 (file)
--- a/login/confirm.php
+++ b/login/confirm.php
@@ -77,14 +77,16 @@ if (!empty($data) || (!empty($p) && !empty($s))) {
             print_error('cannotfinduser', '', '', s($username));
         }
 
-        complete_user_login($user);
+        if (!$user->suspended) {
+            complete_user_login($user);
 
-        \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
+            \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
 
-        if ( ! empty($SESSION->wantsurl) ) {   // Send them where they were going
-            $goto = $SESSION->wantsurl;
-            unset($SESSION->wantsurl);
-            redirect($goto);
+            if ( ! empty($SESSION->wantsurl) ) {   // Send them where they were going.
+                $goto = $SESSION->wantsurl;
+                unset($SESSION->wantsurl);
+                redirect($goto);
+            }
         }
 
         $PAGE->navbar->add(get_string("confirmed"));