Commit 3475f03a authored by Aaron Wells's avatar Aaron Wells

Check that account is valid before logging in via password reset

Bug1284876: Without this, a suspended user can log in via a password reset email Change-Id: I5cb8f2978cdc2c6c0a6975a3fbfd2dfdc1d9bcc5
parent 8c7a5e68
......@@ -232,6 +232,8 @@ function forgotpasschange_submit(Pieform $form, $values) {
// Remove the password request(s) for the user
delete_records('usr_password_request', 'usr', $values['user']);
ensure_user_account_is_active($user);
$USER->reanimate($user->id, $user->authinstance);
$SESSION->add_ok_msg(get_string('passwordchangedok'));
redirect();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment