[Koha-bugs] [Bug 29783] Account lockout message appears incorrectly for blank userid
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jan 4 06:09:55 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29783
--- Comment #1 from David Cook <dcook at prosentient.com.au> ---
Created attachment 128984
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=128984&action=edit
Bug 29783: Add account lockout patron userid lookup condition
This patch checks that $q_userid is not blank before trying to
do a patron lookup. This prevents a spurrious account locked
message from appearing to the user when there is a user in Koha
that has an empty userid and too many login_attempts.
Test plan:
0) Do not apply the patch yet
1) Set system preference FailedLoginAttempts to 3
2) Modify a borrower to have an empty userid and 10 login_attempts
e.g. update borrowers set userid = '', login_attempts = 10 where cardnumber =
23529001223636;
3) Visit the staff interface (e.g. http://localhost:8081/)
4) Note the message "Error: This account has been locked!" even
though you have not tried to log in
5) Apply the patch
6) Visit the staff interface (e.g. http://localhost:8081/)
7) Note that there is no error message about your account
being locked
8) Profit.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list