Login Issue

[TVZ88]

I am running Moodle 3.8.

I seem to be having the same problem as issue https://github.com/moodleuulm/moodle-theme_boost_campus/issues/45

I get the same login error and it is resolved by disabling login tokens in config with this line:

$CFG->disablelogintoken = true;

[gstapltn]

I am running one site with Moodle 3.8 and another with 3.6. Both have recently yielded the same issue which I have fixed by disabling the login tokens. What is the downside of disabling the login tokens?

[TVZ88]

@gstapltn The problem with disabling tokens is that it poses a security risk. The tokens were implemented as a security fix according to the info available in thread #45

Please see this for more info: https://docs.moodle.org/dev/Login_token

I ended up changing my theme to Eguru. It's a nice theme and I could re-enable tokens without any issues.

[gstapltn]

Thanks @TVZ88. I appreciate your feedback and advice. I'll look into the Eguru theme to avoid having to disable tokens.

[abias]

Hi @TVZ88 and @gstapltn ,

thank you for raising this issue about login tokens.

However, I have to say that we can't reproduce the problem on a vanilla Moodle 3.8 core installation with the latest Boost Campus release (which is for 3.7 still).

We adopted this upstream change long time ago with https://github.com/moodleuulm/moodle-theme_boost_campus/commit/561096fdb4f466aa8e547005fe1a5c29a37ed017 and since then, this has not been any issue anymore in this theme.

The only reasons why you might encounter this now is, from my point of view:

• You are running a really outdated version of this theme which does not contains the fix
• You have modified the templates/loginform.mustache file locally in your theme installation and did not adopt the necessary changes from upstream
• You have created any secondary login form and do not use the official login form.

To get a better impression about what's going on, please

• Tell me which URL you go to to login into your Moodle
• Tell me which version of this theme you are running
• Tell me if you have made any local modifications to this theme
• Go to /login/index.php in the browser and check that the login form contains a <input type="hidden" name="logintoken" value="..."> element

Beyond that, I am sad to hear that you have changed your theme to some other Boost child theme in the meantime. Of course, you have the freedom of choice. But you should investigate anyway what's going wrong as you should want to have to login process as bulletproof as possible.

Cheers, Alex

[Kathrin84]

As there was no feedback anymore and we still cannot reproduce the issue with any Boost Campus 3.7 or 3.8 version, I'll close this issue at this point.