From 35826189ec0a97d82a414675023606e6fdef5389 Mon Sep 17 00:00:00 2001
From: Tim Moritz <tim_moritz@cds-service.com>
Date: Thu, 14 Apr 2022 16:40:15 +0200
Subject: [PATCH] check if the user of the session is in the database

---
 bl-kernel/login.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bl-kernel/login.class.php b/bl-kernel/login.class.php
index 7d9352ad..463a9602 100644
--- a/bl-kernel/login.class.php
+++ b/bl-kernel/login.class.php
@@ -48,10 +48,10 @@ class Login {
     {
         if (Session::get('fingerPrint')===$this->fingerPrint()) {
             $username = Session::get('username');
-            if (!empty($username)) {
+            if (!empty($username) && $this->users->getUserDB($username) !== false) {
                 return true;
             } else {
-                Log::set(__METHOD__.LOG_SEP.'Session username empty, destroying the session.');
+                Log::set(__METHOD__.LOG_SEP.'Session username empty or user not found, destroying the session.');
                 Session::destroy();
                 return false;
             }