Feature #20209

fe_users.email should be unique if "forgot password" is used in fe_login

Added by Nabil Sayegh over 11 years ago. Updated 8 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2009-03-19
Due date:
% Done:

0%

Estimated time:
PHP Version:
5.2
Tags:
Complexity:
Sprint Focus:
Needs Decision

Description

The email attribute of fe_users is used to identify the tuple, so it should be unique.

ALTER TABLE fe_users ADD unique (email);
(issue imported from #M10728)


Related issues

Related to TYPO3 Core - Bug #20210: fe_login: Forgot Password should not send passwords if they are hashed (md5)Closed2009-03-19

Actions
Related to TYPO3 Core - Epic #84262: [FEATURE] Update felogin to extbaseClosedHenning Liebe2013-08-16

Actions
#1

Updated by Alexander Opitz over 7 years ago

  • Status changed from New to Needs Feedback
  • Target version deleted (0)

The issue is very old, does this issue exists in newer versions of TYPO3 CMS (4.5 or 6.1)?

#2

Updated by Alexander Opitz about 7 years ago

  • Status changed from Needs Feedback to Closed

No feedback for over 90 days.

#3

Updated by Jonas Eberle almost 6 years ago

  • Status changed from Closed to New

Yes, this issue still exists. (Typo3 CMS 6.2)
I would say the same holds true for usernames.

#4

Updated by Susanne Moog over 5 years ago

  • Sprint Focus set to PRC
#5

Updated by Jigal van Hemert over 5 years ago

Because it's possible to have several websites in a single installation we can't use the db (within DBAL limitations) to enforce the uniqueness.
In the username property the TCA is already configured to only allow unique username in a folder.

So, instead of changing the db configuration, I'd change the TCA configuration.

#6

Updated by Riccardo De Contardi over 4 years ago

  • Category set to felogin
#7

Updated by Jan Stockfisch over 2 years ago

  • Related to Epic #84262: [FEATURE] Update felogin to extbase added
#8

Updated by Daniel Goerz 10 months ago

  • Status changed from New to Closed

Hi. In v10 the password recovery functionality has been changed to identify the user by the hash and no longer by email. However, this change will not be backported to v9 because it was part of a larger refactoring. Therefore I am closing this issue now.

#9

Updated by Benni Mack 8 months ago

  • Sprint Focus changed from PRC to Needs Decision

Also available in: Atom PDF