Feature #48364

closed

Remove password from fe_user after click on forgot_password link

Added by Joerg Schoppet almost 11 years ago. Updated almost 11 years ago.

Status: Rejected
Priority: Could have
Assignee: -
Category: felogin
Target version: -
Start date: 2013-05-17
Due date:
% Done: 0%
Estimated time:
PHP Version: 5.3
Tags:
Complexity: medium
Sprint Focus:

Description

Hi,

Currently, if I use the "Forgot Password" feature of felogin, the existing password still allows for re-login. For security reasons it would be meaningful to remove the password from the user (or set a random string) as soon as the email was sent, so that the user has to create a new one.

An additional setting in TS (clearPasswordAfterForgot), which defaults to 0 (do not clear the password field) would ease the configuration and keep BC.

Place would be in "FrontendLoginController.php" -> showForgot() after line 249.

Regards

joerg
