Posted by danmurf on May 9, 2008 at 6:17pm
Jump to:
| Project: | Temporary Invitation |
| Version: | 5.x-2.2 |
| Component: | Miscellaneous |
| Category: | task |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
Hi
Is there a way user accounts can be deleted/blocked once their invitation has expired? It seems that it's only the invitation that expires, not the user account. So, if the user logs in, changes their email/password, they can continue to log in past the temporary invitation period. Is there anyway to get around this?
Many thanks
Comments
#1
Oh wow, I didn't consider that users could log in with their normal accounts as well.
Temporary Invitation (or rather, Login Ticket API) checks if invitations (i.e. login tickets) are expired even though the account still exists. That falls down when the user doesn't log in using the login code, though.
This issue will definitely be tackled during the Drupal 6 port of this module, maybe even before I port it so that the changes can be fed back to the Drupal 5 version.