https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29783 --- Comment #1 from David Cook <dcook@prosentient.com.au> --- Created attachment 128984 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=128984&action=edit Bug 29783: Add account lockout patron userid lookup condition This patch checks that $q_userid is not blank before trying to do a patron lookup. This prevents a spurrious account locked message from appearing to the user when there is a user in Koha that has an empty userid and too many login_attempts. Test plan: 0) Do not apply the patch yet 1) Set system preference FailedLoginAttempts to 3 2) Modify a borrower to have an empty userid and 10 login_attempts e.g. update borrowers set userid = '', login_attempts = 10 where cardnumber = 23529001223636; 3) Visit the staff interface (e.g. http://localhost:8081/) 4) Note the message "Error: This account has been locked!" even though you have not tried to log in 5) Apply the patch 6) Visit the staff interface (e.g. http://localhost:8081/) 7) Note that there is no error message about your account being locked 8) Profit. -- You are receiving this mail because: You are watching all bug changes.