Commit aa2d268c authored by Nigel McNie's avatar Nigel McNie Committed by Nigel McNie
Browse files

Don't show the login page if the session has timed out and the page

is public. Check for the password having being changed just after the
login_submit function has determined that the user is logged in.
parent c446f03f
......@@ -220,10 +220,11 @@ function auth_setup () {
log_debug('session timed out');
$SESSION->logout();
$SESSION->add_info_msg(get_string('sessiontimedout'));
// @todo<nigel>: if page is public, no need to show the login page again
if (!defined('PUBLIC')) {
auth_draw_login_page();
exit;
}
}
else {
// There is no session, so we check to see if one needs to be started.
// First, check if the page is public or the site is configured to be public.
......@@ -525,6 +526,7 @@ function login_submit($values) {
$USER = call_static_method($authclass, 'get_user_info', $username);
$SESSION->login($USER);
$USER->logout_time = $SESSION->get('logout_time');
auth_check_password_change();
}
else {
// Login attempt failed
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment