Attempt to log in when deleted updates lastlogin field
Bug #850580 reported by
Richard Mansfield
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Confirmed
|
Low
|
Unassigned |
Bug Description
When a deleted user attempts to log in, the lastlogin field is updated, but it shouldn't be.
Changed in mahara: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in mahara: | |
milestone: | none → 1.9.0 |
Changed in mahara: | |
milestone: | 1.9.0 → 1.9.1 |
Changed in mahara: | |
milestone: | 1.9.1 → 1.9.2 |
Changed in mahara: | |
milestone: | 1.9.2 → 1.9.3 |
Changed in mahara: | |
milestone: | 1.9.3 → none |
To post a comment you must log in.
This does not look to be happening for a deleted user anymore. It does, however, happen for a suspended user.
The problem is the ./htdocs/ auth/user. php has an authenticate() function that saves the new 'lastlogin' value and it is called before the check to see if one is suspended. If we swap this around it should sort the problem.
But then comes the question: Do we want the database to reflect the last legitimate login or the last time they tried to to login?