[ZendTo] Failed to unlock user $user as did not match usernameRegexp from preferences.php

Marlon Deerr MDeerr at hshlawyers.com
Tue Jul 21 13:45:36 BST 2020


Hi Jules,

I was testing ZendTo. I wanted to see what the log files will report when a user is locked out after 10 unsuccessful login attempts. I noticed that the log file (I think) is incorrectly reporting that a user was not unlocked after administratively unlocking the account, when in fact the user was successfully unlocked. Here are the steps I performed.


1. Purposely attempted to log in as a user with incorrect password 10 times

2. Logged in as an admin user and examined the System Logs

3. System Log file successfully identified this locked user

4. Clicked on "Unlock User" from the main screen and selected the user to unlock and unlocked her

5. Examined the System Logs again, but this time it said "Failed to unlock user $user as did not match usernameRegexp from preferences.php"

6. Logged out as the administrator user

7. Tried logging in as this "supposedly" locked user BUT the login was successful.


Does this mean that the System Log file is incorrectly reporting that the user was not unlocked, when in fact the user was unlocked?

ALSO: Feature Request (if possible)

When a user is approaching the maximum allowed failed login attempts can you include a message that


1. Warns the user that you have x more attempts before you get locked out (where x is a number)

2. After the user has failed to log in after 10 attempts, instead of just saying "Authentication Error. The username or password was incorrect", can it not say something like "Authentication Error. You have attempted more than the allowed failed attempts to log in. Your account therefore has been locked. Please contact your administrator to have it unlocked"?

While testing this feature above, I found that I was not keeping track of how many times I made a failed login and must have tried over and over again waiting for a message to let me know that I was locked out. I think having such a message will help reduce IT Tickets from staff wondering why they can't log in. They may not even know they have been locked out.