From 4762e47405263fe13656027657ed0b75821b66e7 Mon Sep 17 00:00:00 2001
From: pappfer <pappfer@gmail.com>
Date: Mon, 31 Jul 2017 16:36:58 +0200
Subject: [PATCH] Only update the `last_login_at` attribute in case of a
 successful login

---
 src/User/Controller/SecurityController.php | 2 ++
 src/User/Form/LoginForm.php                | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/User/Controller/SecurityController.php b/src/User/Controller/SecurityController.php
index a150d43..4e06757 100644
--- a/src/User/Controller/SecurityController.php
+++ b/src/User/Controller/SecurityController.php
@@ -124,6 +124,8 @@ class SecurityController extends Controller
         if ($form->load(Yii::$app->request->post())) {
             $this->trigger(FormEvent::EVENT_BEFORE_LOGIN, $event);
             if ($form->login()) {
+                Yii::$app->getUser()->identity->updateAttributes(['last_login_at' => time()]);
+
                 $this->trigger(FormEvent::EVENT_AFTER_LOGIN, $event);
 
                 return $this->goBack();
diff --git a/src/User/Form/LoginForm.php b/src/User/Form/LoginForm.php
index d4312b5..c0f5f45 100644
--- a/src/User/Form/LoginForm.php
+++ b/src/User/Form/LoginForm.php
@@ -117,7 +117,6 @@ class LoginForm extends Model
     {
         if ($this->validate()) {
             $duration = $this->rememberMe ? $this->module->rememberLoginLifespan : 0;
-            $this->user->updateAttributes(['last_login_at' => time()]);
 
             return Yii::$app->getUser()->login($this->user, $duration);
         }