[Known Issue]: Request a new password problem [Known Issue]: Request a new password problem
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Known Issue]: Request a new password problem

Started by sanax, June 25, 2006, 09:58:27 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

sanax

I upgraded my gallery not long ago and tested the request for a new password... this is the e-mail I received

QuoteYou have requested to a new password. If you would like to proceed with having a new password sent to you, click on the following link: http://gallery.theartgangster.com/forgot_passwd.php?key=b370d52f85b31f7c59e26849af5e12b9&id=2

If I copy and paste the link (NOTE: the link isn't clickable in e-mail) it redirects me to yet another 'login' page and not the page where I can choose a new password.

After a while I received another e-mail:

QuoteHere is the new password you requested: Username: TheArtgangster Password: a10nr005 Click http://gallery.theartgangster.com/login.php to log in.
(Link also not clickable)

When I tested the feature with Coppermine Forum itself I get, seems to me, the correct e-mail:

QuoteDear sanax,

This mail was sent because the 'forgot password' function has been applied to your account. To set a new password click the following link:

http://forum.coppermine-gallery.net/index.php?action=reminder;sa=setpassword;u=31923;code=d1f37b08c8

IP: ***********

Username: sanax

Regards,
The coppermine-gallery.net Team.
(The link is active)

...which redirect me to the correct page to set a new password..

Any suggestions? Do I miss something?

Sami

so what is the point?
- you got your new password on your secound email !
- there is a diffrence between gallery and forum's  "forgot password" system
- also it work for me (please edit your post and remove your password or login with that and change your password)
‍I don't answer to PM with support question
Please post your issue to related board

sanax

Quote from: bmossavari on June 25, 2006, 10:14:41 PM
so what is the point?
- you got your new password on your secound email !
- there is a diffrence between gallery and forum's  "forgot password" system
- also it work for me (please edit your post and remove your password or login with that and change your password)

First of all the e-mail isn't professional... secondly the links are not active and when I copy and paste the first link it took me to a wrong page...

After a while I received the second e-mail with the new password... that's confusing isn't it?

Sami

what you mean by "isn't professional" !?
- what is your mail client?
- as I said before ,gallery using diffrent method for forgot password so it's not confuing
first the gallery set a random key to that user then with secound link check that if the key is equal and then change the password
if they didn't do that , someone that know your user id (see it on your browser address bar) could possibly hack your gallery account
hacker first go to forgot password then point his browser to that url with your ID then .... ::) so this is a way to protect "forgot password" system
froum did it bye generate a random "code" it's the same , may be it's weeker (personaly ,I didn't check how that code generate) may be not!
‍I don't answer to PM with support question
Please post your issue to related board

sanax

Quote from: bmossavari on June 25, 2006, 11:41:32 PM
what you mean by "isn't professional" !?
- what is your mail client?
- as I said before ,gallery using diffrent method for forgot password so it's not confuing
first the gallery set a random key to that user then with secound link check that if the key is equal and then change the password
if they didn't do that , someone that know your user id (see it on your browser address bar) could possibly hack your gallery account
hacker first go to forgot password then point his browser to that url with your ID then .... ::) so this is a way to protect "forgot password" system
froum did it bye generate a random "code" it's the same , may be it's weeker (personaly ,I didn't check how that code generate) may be not!


I understand... I have only one problem though - first of all I'm using Outlook Express and the links aren't active (which is not the end of the world) but you have to copy and paste into your browser... which redirect me to a page where I have to 'login in' again... without first receiving the new password/code. The second e-mail send the new code and the link (which is still not an active link) redirect you to a login page which is correct.

I just feel the link in the first email is confusing?!... I realized, after I've received the second e-mail, what was actually going on...

Sami

after second email you can login with your new password and change your password by going to "My profile"
‍I don't answer to PM with support question
Please post your issue to related board

wads24

I think that it isn't professional myself also.  The issue that he is having is that the forgot password email is sent in html format, but it only sends the link... but the link isn't sent in html format, that is why it isnt clickable.

waynepyrah

I'm having this problem too on my site...
My non techie users keep on trying to click the link - then phone me up or mail me

Is there a way I can tweak the content to make the link clickable ??
Cheers, Wayne


waynepyrah

Thanks Nibbler!
Any reason why this bug hasn't been updated in the later versions ?
Surely lots of people have these issues

Cheers, Wayne

Nibbler

That's already been discussed in the thread.