fix disabled users being able to get to info page

src/info-page.ts

@@ -362,10 +362,19 @@ infoPageRouter.post(LOGIN_ROUTE, (req, res) => {
     // Token-based authentication (using any valid user token)
     const token = (req.body.token || "").trim();
     const user = getUser(token); // returns undefined if invalid
-    if (user) {
+    
+    if (user && !user.disabledAt) {
+      // Only allow access if user exists AND is not disabled
       req.session!.infoPageAuthed = true;
       return res.redirect("/");
+    } else if (user && user.disabledAt) {
+      // User exists but is disabled
+      const reason = user.disabledReason || "Your account has been disabled";
+      return res
+        .status(401)
+        .send(renderLoginPage(res.locals.csrfToken, `Access denied: ${reason}`));
     } else {
+      // User doesn't exist
       return res
         .status(401)
         .send(renderLoginPage(res.locals.csrfToken, "Invalid token. Please try again."));