If you have required email validation for new users they will reveice a mail with a one time login after the account has been cleared. This link is available up to 24 hours after the admin has cleared the account.
I understand the need to put a time constraint on this link, but 24 hours is (for some sites) a very very short time span. For a project I'm currently working on, not a single user will probably ever be able to react within 24 hours... (7 days would be acceptable)

I think that this setting should be configurable under the user settings.
Or have I missed it somewhere?

CommentFileSizeAuthor
#3 one_time_login_valid_time.patch2.6 KBweseze
#1 one_time_login_valid_time.patch2.65 KBweseze
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

weseze’s picture

weseze CreditAttribution: weseze commented
Assigned: Unassigned » weseze
Status: Active » Needs review
FileSize
one_time_login_valid_time.patch2.65 KB

I've created a small patch to do this.

Could this be included in core?

weseze’s picture

weseze CreditAttribution: weseze commented
Version: 6.13 » 6.x-dev
weseze’s picture

weseze CreditAttribution: weseze commented
FileSize
one_time_login_valid_time.patch2.6 KB

new patch
Please include this in core...

gpk’s picture

gpk CreditAttribution: gpk commented

The one-time login link on account creation does not have a time limit. The time limit should only apply when requesting a new password. Are you experiencing something different?

weseze’s picture

weseze CreditAttribution: weseze commented

Hmm I just tried my patch and set the limit to -1 and the link still worked...
I assumed it would not work because when you use the one time login link Drupal tells you the link will expire after 24 hours.

So the time limit does not apply but Drupal says it does. That's very confusing if you don't know the code... I guess that message should be changed if it doesn't apply?

gpk’s picture

gpk CreditAttribution: gpk commented

Just to confirm - we are talking about the one-time login link when you register, not the one-time login link when you request a new password?

weseze’s picture

weseze CreditAttribution: weseze commented

yes

srlawr’s picture

srlawr CreditAttribution: srlawr commented

I am doing something slightly different with the User concepts in Drupal - we have pre-populated thousands of users, and are using hooks into the "request new password" mechanisms to invite people to activate and access their accounts. It works very nicely.

That's kinda neither here nor there though, because I have now come across the frustrating problem that the link expiry time is very hard-coded into the user.pages.inc file. We want to keep the one-time-login links alive for 3 days, instead of 24 hours.

The above patch (from 2009) addresses this as an issue nicely, but status "Ignored" says it all ;)

There is a setting in the one-time-login module to control link expiry time. But not one for this link in core user.

I therefore do "vote" that this is addressed, it's not exactly a complete re-write :)

srlawr’s picture

srlawr CreditAttribution: srlawr commented
Version: 6.x-dev » 7.14
Assigned: weseze » Unassigned

edit to point out this is now also in 7.x

Should I have made a new issue?! oops. rats.

Status: Needs review » Needs work

The last submitted patch, one_time_login_valid_time.patch, failed testing.

Quest Yarbrough’s picture

Quest Yarbrough CreditAttribution: Quest Yarbrough commented
Status: Needs work » Needs review

#3: one_time_login_valid_time.patch queued for re-testing.

Status: Needs review » Needs work

The last submitted patch, one_time_login_valid_time.patch, failed testing.

Version: 7.14 » 7.x-dev

Core issues are now filed against the dev versions where changes will be made. Document the specific release you are using in your issue comment. More information about choosing a version.