From 9a17d97ad906f572cd82c614d46d2da0ae5bffc9 Mon Sep 17 00:00:00 2001
From: mlopez <miguel.lopez@artica.es>
Date: Wed, 18 Jan 2017 11:58:02 +0100
Subject: [PATCH] Merge branch '19-usuario-con-not-login-puede-entrar-int-4355'
 into 'develop'

Add logout from session if user have a not login active

See merge request !46
---
 pandora_console/index.php | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/pandora_console/index.php b/pandora_console/index.php
index ea7393e480..b634bf420d 100755
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -509,7 +509,41 @@ if (! isset ($config['id_user'])) {
 		exit ("</html>");
 	}
 }
-
+else {
+	$user_in_db = db_get_row_filter('tusuario', 
+		array('id_user' => $config['id_user']), '*');
+	if ($user_in_db == false) {
+		//logout
+		$_REQUEST = array ();
+		$_GET = array ();
+		$_POST = array ();
+		$config["auth_error"] = __("User doesn\'t exist.");
+		$iduser = $_SESSION["id_usuario"];
+		logoff_db ($iduser, $_SERVER["REMOTE_ADDR"]);
+		unset($_SESSION["id_usuario"]);
+		unset($iduser);
+		require_once ('general/login_page.php');
+		while (@ob_end_flush ());
+		exit ("</html>");
+	}
+	else {
+		if (((bool) $user_in_db['is_admin'] === false) && 
+				((bool) $user_in_db['not_login'] === true)) {
+			//logout
+			$_REQUEST = array ();
+			$_GET = array ();
+			$_POST = array ();
+			$config["auth_error"] = __("User only can use the API.");
+			$iduser = $_SESSION["id_usuario"];
+			logoff_db ($iduser, $_SERVER["REMOTE_ADDR"]);
+			unset($_SESSION["id_usuario"]);
+			unset($iduser);
+			require_once ('general/login_page.php');
+			while (@ob_end_flush ());
+			exit ("</html>");
+		}
+	}
+}
 // Log off
 if (isset ($_GET["bye"])) {
 	include ("general/logoff.php");