Use existing API function

Instead of duplicating the logic to determine whether an account can be unlocked, use existing API function user_is_login_request_allowed(). Fixes #26930
mantisbt · May 2, 2020 · 55833c9 · 55833c9
1 parent 83f756b
commit 55833c9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/manage_user_edit_page.php b/manage_user_edit_page.php
@@ -228,7 +228,7 @@
 	&& auth_can_set_password( $t_user['id'] )
 	&& user_is_enabled( $t_user['id'] )
 	&& !user_is_protected( $t_user['id'] );
-$t_unlock = OFF != config_get( 'max_failed_login_count' ) && $t_user['failed_login_count'] > 0;
+$t_unlock = !user_is_login_request_allowed( $t_user['id'] );
 $t_delete = !( ( user_is_administrator( $t_user_id ) && ( user_count_level( config_get_global( 'admin_site_threshold' ) ) <= 1 ) ) );
 $t_impersonate = auth_can_impersonate( $t_user['id'] );