[Solved]: When requesting a new password, coppermine sends more than one to users [Solved]: When requesting a new password, coppermine sends more than one to users
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Solved]: When requesting a new password, coppermine sends more than one to users

Started by paquets, June 24, 2009, 12:26:29 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

paquets

June 24, 2009, 12:26:29 PM Last Edit: June 26, 2009, 12:43:48 AM by Phill Luckhurst
Hi,

I was testing the forgot_passwd.php function on my coppermine installation. Everything works perfectly until I click 'continue' when this message appears:

QuotePassword reminder
An email has been sent to *****@*****.com. Please check your email to complete the process.
CONTINUE

I get the e-mail twice or three times with different passwords in each. One of the passwords does actually work but its confusing for users. Any idea what may be the cause?

Thanks!

Joachim Müller

#1
June 24, 2009, 01:54:43 PM
That's expected behaviour: the "forgot password" feature doesn't look up the old password and send you that (because it can't: the old password isn't stored anywhere - the database only knows the md5-hash of the password, but not the actual password itself), but it creates a new random password and sends you that. Clicking on the "forgot password" several times will trigger the sending of a random password several times. That's expected behaviour and not a mistake, but the way the feature was designed to work. As there is nothing broken, there is nothing to fix.

paquets

#2
June 24, 2009, 02:10:37 PM
Thanks for the reply.
The feature works. The problem lies in the fact that I only clicked once on to submit button and got multiple emails with as many different new passwords.

Joachim Müller

#3
June 24, 2009, 02:32:54 PM
Sounds strange - can't replicate. If you think that this is a genuine bug, please post a link to your gallery and a non-admin test user account.

paquets

#4
June 24, 2009, 03:08:09 PM
Thanks, I really appreciate the help. Since an e-mail account will be needed to test appropriately, I'll just give you the link to the registration page and you can try filling it from there.

The link http://adpharm.net/register.php

Thanks Again!

phill104

#5
June 26, 2009, 12:13:12 AM
Please do as Joachim asked and post a test account for us. We will not register for various reasons which I will not go into.
It is a mistake to think you can solve any major problems just with potatoes.

paquets

#6
June 26, 2009, 12:21:58 AM
Hi Phill,

Somebody else from the dev team replied yesterday and for some reason the post from that person and my reply are not listed anymore. Bottom line is it worked fine for everyone else. I've since upgraded to CPG 1.4.25 and everything works fine for me too. I know this may not be the right place to ask but there's no info on it anywhere, does anyone know when 1.5 is planned to be released?

Thanks!

Nibbler

#7
June 26, 2009, 12:34:16 AM
There was an issue with the forum, see http://forum.coppermine-gallery.net/index.php/topic,60323.0.html

There is no info on a 1.5 release date because there is no 1.5 release date yet.

phill104

#9
June 26, 2009, 12:43:37 AM
Glad you have it fixed. I'll mark as solved. You may have already done that yourself but it would have been lost.

It is a mistake to think you can solve any major problems just with potatoes.
Print
Go Up Pages1
User actions