CMS MADE SIMPLE FORGE

Frontend Users

 
Back Back to List

[#6735] Lost Password Request Status is not cleared, if password is changed from the admin interface

avatar
Created By: Ludger Merkens (lume)
Date Submitted: Wed Aug 03 10:54:57 -0400 2011

Assigned To:
Version: 1.12.16
CMSMS Version: 1.9.4.2
Severity: Minor
Resolution: Fixed
State: Closed
Summary:
Lost Password Request Status is not cleared, if password is changed from the admin interface
Detailed Description:
if a user requests a password change, she receives an E-Mail with a UserTempCode
to reset her password. If for some reasons she doesn't use the embedded link in
the email to do so, but asks an admin to change her password this UserTempCode
will not be cleared. Lateron new attempts to change the password via
email-request will lead to errormessages, telling the user that they already got
an email with a link to change the password. (which might be ages old and
forgotten or even deleted)

I think it would be consistent with the fact, that the password got changed, to
treat a pending "change/forgot password" request as also terminated.  That
means, clearing a possibly existing UserTempCode upon a password change through
the admin interface.

best regards
Ludger Merkens


History

Comments
avatar 
Date: 2011-08-03 11:29
Posted By: Ludger Merkens (lume)

To achieve this, i patched my local copy of FrontEndUsers like this:

file: action.do_edituser3.php
line: 340
inserted code:

// and clear pending UserTempCodes
    $this->RemoveUserTempCode( $user_id );

please check if this can be integrated into the distribution, or if there are
any sideeffects i didn't see.

best regards
Ludger Merkens
Updates

Updated: 2012-02-18 11:20
state: Open => Closed

Updated: 2011-12-22 21:51
resolution_id: 5 => 7

Updated: 2011-08-03 11:29
resolution_id: => 5