New users are blocked after saving their profile
coltrane - July 20, 2008 - 00:11
| Project: | Account Expiry |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | reviewed & tested by the community |
Description
A first-time user who edits their profile is immediately blocked after they submit even if their expire time is set in the future.
Steps to reproduce:
As an administrator, create a new user.
Log out and then log in as the new user.
Go to the user's edit account page.
Edit something (signature for instance).
Submit the form.
What happens:
You'll get an Access Denied page, the user has been blocked.
I think this bug only occurs when the user is created by an administrator, and I think it has to do with the selectAT property used by the module. The bug also does not occur if the administrator edits the user after creation.
#1
On insert in hook_user() account_expiry_edit() is called without being given $expiry_timestamp. When that variable is NULL the module uses the default expiry which is 943945200 or Tue, 30 Nov 1999 07:00:00 GMT which gets written into the account_expiry table for the user. Now the user has an expire timestamp in the past and I think that during the after_update op of hook_user() the user gets blocked.
#2
Bah, this one is confusing. It's not the insert operation of hook user, I think instead its that since http://drupal.org/cvs?commit=114017 the form_alter doesn't add expiry_date day, month, and year unless you have the right permissions. When those are not added to the form and its submitted the account object in hook_user() does not have $account->day, $account->month, and $account->year so the mktime() in the after_update operation is returning a bad date.
#3
The patch wraps the after_update logic into a user_access() check which keeps account_expiry_edit() from being called with a bad timestamp.
#4
>I think this bug only occurs when the user is created by an administrator
In my installation bug occurs even if user create account himself.
#5
for me, patch works for both "user create account" and "admin create account".
#6
#7
Patch is tested with "user create account" for a long time on production site.
#8
can someone repost this patch...I'm running into problems when i try to patch module file. I've applied patch that was posted here, but still no help. Tried to re do it, and reapplied to original module file and got an error:
patching file account_expiry.module
patch unexpectedly ends in middle of line
Hunk #1 succeeded at 176 with fuzz 1
I hope that error message helps. Can someone post the solution.
Thank you.