Closed (won't fix)
Project:
Drupal core
Version:
5.x-dev
Component:
user.module
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
1 Feb 2007 at 02:52 UTC
Updated:
24 Jun 2011 at 18:21 UTC
Jump to comment: Most recent file
Comments
Comment #1
vm commentedI remove the one time login from the email on sites that require admin approval of accounts before login.
this can be done, adminsiter -> user settings -> body of welcome email.
Comment #2
pjb commented@VeryMisunderstood: True, that'd solve the problem easily, but having admin-approval for new users isn't really conducive to the size of the userbase I expect for the site. My admin group is already overwhelmed with our current website and having to approve users (with no option to change that currently).
I have the admin approval turned at the moment because we're playing with a development site and I don't need everyone and his brother creating accounts while we're working...so it was sort of by accident that I discovered this issue, and thought I'd share it with the developers.
Comment #3
blcarson commentedI've gotten this bug also - had to remove the link from the email but I'd really like to see this fixed.
Comment #4
LAsan commentedIs this still a bug?
Comment #5
stovicek commentedThis bug is in my clean install of 5.10.
Simply pointing your browser to user/reset while not logged in gives the double vision - suggesting a problem with perhaps the user.module?
Steps to recreate:
1. Install Drupal 5.x
2. Create admin account
3. logout
4. point browser to user/reset
Comment #6
drummThis is not an issue in Drupal 6 and above.
I do not think this is critical since nothing links directly to user/reset.
Comment #7
stovicek commentedThe user registration process (when email confirmation is required) links to user/reset - which is where I first encountered the problem.
Edit: More specifically, when a user followed the one-time email confirmation link, the resulting page was double vision. The path also happened to be not found, but it seems to me there should never be an instance where double vision occurs. Something is making a bad call somewhere...
Comment #8
nicholasthompsonThe problem stems from the call to drupal_access_denied() at the end of the reset function. That function simply prints out an access denied page, but nothing is done to stop the Drupal menu callback from also printing out its own page contents - which in this case is nothing...
The attached patch simply adds an "exit" call after printing out the access denied.
Comment #9
drummSome cleanup needs to happen before simply calling exit. See drupal_goto() for an example.
Everywhere else drupal_access_denied is called, the menu callback returns nothing, and the double page does not happen. The menu callback here is drupal_get_form(), so an empty form on a page is rendered.
In Drupal 6, the page is not found instead of access denied. I think the best solution would be checking that all 3 parameters are present, if they are not, then 404.
Comment #10
drummConfirmed on a client's site that this does happen.
Comment #11
dpearcefl commentedConsidering the lack of activity on this issue and that Drupal v5 is no longer supported by fixes or patches, I am going to close this ticket.