https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #18 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Marcel de Rooy from comment #17)
A follow-up bug will make the codebase use this instead of update_password, and use a proper method for changing the userid if required.
Is it already written?
No, but I can do it
I wrote a number of patches around lockout status now, and have some thoughts about setting login_attempts to 0 in set_password / update_password. (See 21336 and dependees) In my idea an administrative lockout (login_attempts<0) should not be reset from the opac scripts. So we should need some check or parameter in set_password. See also 21533.
I'd say an administrative lockout should be identifiable as such, like staff_locked => true but I'll take a look at your bugs and see how can they coexist. The main thing here was decoupling password change from userid overwrite. -- You are receiving this mail because: You are watching all bug changes.