From c0013a4581bda18b9f87efccec07a542b3065fde Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 20 Mar 2012 17:18:20 +0100
Subject: [PATCH] Fix: When using a disabled user, web service must be
 forbidden

---
 htdocs/core/lib/ws.lib.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/htdocs/core/lib/ws.lib.php b/htdocs/core/lib/ws.lib.php
index 7145f0c2aff..babe8609f6b 100755
--- a/htdocs/core/lib/ws.lib.php
+++ b/htdocs/core/lib/ws.lib.php
@@ -65,6 +65,12 @@ function check_authentication($authentication,&$error,&$errorcode,&$errorlabel)
             $errorcode='BAD_CREDENTIALS'; $errorlabel='Bad value for login or password';
         }
 
+		if (! $error && $fuser->statut == 0)
+		{
+			$error++;
+			$errorcode='ERROR_USER_DISABLED'; $errorlabel='This user has been locked or disabled';
+		}
+		
     	// Validation of login
 		if (! $error)
 		{