Announcement

Collapse
No announcement yet.

password reset bug

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    password reset bug

    On opening the forum in my browser I was informed that my password had expired. I went to the appropriate account page, realised I couldn't remember my password and used the 'reset password' feature.

    On clicking the link in the subsequent email it sent me to a page on the forum that refused to show, instead telling me that my password had expired. That page helpfully took me to the appropriate account page to change my password, where I realised I couldn't remember my password and made the conscious choice not to infinite loop.

    Workaround: Select my name at the top and from the drop down menu choose Log Out. At that point the forum didn't know who I was, didn't know my password expired and so didn't redirect the password reset link from the email.

    #2
    That, unfortunately is a known issue if you try to reset your password after it has expired. The only work around is exactly the one you used. You have to logout to reset your password. Fixing it requires hacking a core file so it's not something I can fix. Well I could, but I like being able to perform upgrades without pulling out every hair on my body
    I GET KNOCKED DOWN BUT I GET UP AGAIN!

    Comment


      #3
      Is it easy to add a note in the reset email suggesting logging out? Some people may not think of that as an option.

      Comment


        #4
        Originally posted by BabyAnna View Post
        Is it easy to add a note in the reset email suggesting logging out? Some people may not think of that as an option.
        Sure, but no one would read it based on past experiences. You have no idea how many idiots users reply to notification emails that clearly have both NOREPLY and NOTIFICATIONS in the from address and literally say not to reply to them.

        What I can do safely is modify the userCP to not offer the reset link at all and put the message about logging out there. People are at least more likely to read the note there.

        EDIT: Actually, I modified the message in the userCP to tell people to logout but still provides the link as there is one small advantage to requesting the reset link while logged in: You don't have to deal with reCAPTCHA if you're still logged in and you don't need to logout until you're ready to reset your password.
        Last edited by Penguin; 04-03-2019, 04:40:47 AM.
        I GET KNOCKED DOWN BUT I GET UP AGAIN!

        Comment


          #5
          This is a test
          I GET KNOCKED DOWN BUT I GET UP AGAIN!

          Comment


            #6
            Huh, weird. That same message got blocked in another thread O-o
            I GET KNOCKED DOWN BUT I GET UP AGAIN!

            Comment

            Working...
            X