In login_destination_apply_redirect(), login_destination checks if the user has a password change pending and if so, does not redirect. However, it does not check that the force_password_change is still enabled, so if a user had a pending password change and the for some reason the site disabled the force_password_change module, the account is forever stuck in that state and login redirects will not work for that user.
Easy fix: just add module_exists('force_password_change') to the condition to make it look like this:
module_exists('force_password_change') && $account->force_password_change && $account->uid == $user->uid)
If necessary I'll attach a patch, but this is such a quick fix I figured not needed.
Comments
Comment #1
stewart.adam CreditAttribution: stewart.adam commentedOops, sorry - absentmindedly selected 7.x when we're actually using 6.x.
Comment #2
rsvelko CreditAttribution: rsvelko as a volunteer commentedthanks fixed. Albeit so late...
Comment #3
rsvelko CreditAttribution: rsvelko as a volunteer commentedComment #5
rsvelko CreditAttribution: rsvelko as a volunteer commented