Closed (duplicate)
Project:
LoginToboggan
Version:
5.x-1.3
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
22 Jan 2009 at 00:29 UTC
Updated:
6 Mar 2009 at 05:15 UTC
This patch fixes the bug that the account activation link was not a one-time link, but rather allows one to log in as many times as liked.
The fix is extremely small. Just change line 763 in logintoboggan.module from this:
$hashed_pass == logintoboggan_eml_rehash($account->pass, $timestamp, $account->mail)) {
into this:
$hashed_pass == logintoboggan_eml_rehash($account->pass, $timestamp, $account->mail) && !$account->login) {
This patch is in response to http://drupal.org/node/330223. I'm submitting it as a separate issue because my patch is for version 5.x-1.3, not the 6.x line, but I suppose the fix will be extremely similar in the 6.x version.
| Comment | File | Size | Author |
|---|---|---|---|
| logintoboggan.module.patch | 915 bytes | Bodo Maass |
Comments
Comment #1
hunmonk commentedthis was fixed in #291001: Allow One Time Login To Be Used Only Once. i just re-tested, and it works flawlessly for me. marking this issue as a duplicate.