mahara-contributors team mailing list archive

[François Marier <francois@xxxxxxxxxx>]

I think this code is wrong in auth/lib.php:login_submit():

    // Check if the user's account has become inactive
    $inactivetime = get_config('defaultaccountinactiveexpire');
    if ($inactivetime && $oldlastlogin > 0
        && $oldlastlogin + $inactivetime < time()) {
        $USER->logout();
        die_info(get_string('accountinactive'));
    }

Because $oldlastlogin is set to 0 at the top of the function and never
changed. So the code within the "if" statement will never execute.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/890929

Title:
  When a user is expired due to inactivity, they can still log in

Status in Mahara ePortfolio:
  Triaged

Bug description:
  In the cronjob auth_handle_account_expiries, users that haven't logged
  in since the config option defaultaccountinactiveexpire get
  deactivated. This sets the active flag in the usr table.

  One would think that being inactive would mean that the user could no
  longer login, but they still can. Especially because the email sent
  out before you become inactive is as follows:

  "Dear Admin User (admin),

  Your account on Mahara will become inactive within 7 days.

  Once inactive, you will not be able to log in until an administrator
  re-enables your account.

  You can prevent your account from becoming inactive by logging in.

  Regards, Mahara Site Administrator

  Please do not reply to this message.
  "

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/890929/+subscriptions