[FIXED] - Request to change how lost password request is handled in J!1.5

Locked
User avatar
aravot
Joomla! Ace
Joomla! Ace
Posts: 1015
Joined: Thu Aug 18, 2005 1:16 am
Location: Glendale, CA, USA
Contact:

[FIXED] - Request to change how lost password request is handled in J!1.5

Post by aravot » Wed May 30, 2007 10:11 pm

Currently in both Joomla 1.0.x and Joomla 1.5 when a user requests lost password, Joomla creates a new password and sends it to user's email address, although not a security risk but can be used for nuisance and create hassle for other users by keep resetting other users password.

suggestion instead of creating a new password, send a link requesting to click on the link to reset password, otherwise continue using the old password.
Last edited by Jinx on Wed Jun 27, 2007 3:11 pm, edited 1 time in total.

User avatar
THE_AI
Joomla! Explorer
Joomla! Explorer
Posts: 252
Joined: Sat Jun 03, 2006 4:33 pm
Contact:

Re: Request to change how lost password request is handled in J!1.5

Post by THE_AI » Wed May 30, 2007 10:14 pm

I absolutely agree with that proposal!

Nakebod
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 103
Joined: Thu Dec 08, 2005 4:07 pm
Location: Nijmegen, Th Netherlands
Contact:

Re: Request to change how lost password request is handled in J!1.5

Post by Nakebod » Thu May 31, 2007 11:59 am

I don't know how much this is "abused", but I totally agree.

I can imagine that you have multiple usernames on different sites (e.g. username already taken) so you want to reset the password for "your" account.
Something like Drupal's Global login system could be a nice solution for this, or whatever they call it. But thats not the question here :)

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1367
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: Request to change how lost password request is handled in J!1.5

Post by RobS » Wed Jun 27, 2007 9:44 am

I just committed a significant reworking of the password reset process.  I believe it is a significant improvement over the old process and should remove the ability to abuse the system without significantly more effort and work.

For a full description of the changes please see: http://groups.google.com/group/joomla-d ... 6fd404e437

Thanks.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

User avatar
THE_AI
Joomla! Explorer
Joomla! Explorer
Posts: 252
Joined: Sat Jun 03, 2006 4:33 pm
Contact:

Re: Request to change how lost password request is handled in J!1.5

Post by THE_AI » Wed Jun 27, 2007 12:46 pm

Well done Rob!
And congratulation for entering the Dev group :)

User avatar
Jinx
Joomla! Champion
Joomla! Champion
Posts: 6569
Joined: Fri Aug 12, 2005 12:47 am
Contact:

Re: Request to change how lost password request is handled in J!1.5

Post by Jinx » Wed Jun 27, 2007 3:11 pm

Gonna close this one down, as being implemented.
Johan Janssens - Joomla Co-Founder, Lead Developer of Joomla 1.5

http://www.joomlatools.com - Joomla extensions that just work

User avatar
aravot
Joomla! Ace
Joomla! Ace
Posts: 1015
Joined: Thu Aug 18, 2005 1:16 am
Location: Glendale, CA, USA
Contact:

Re: Request to change how lost password request is handled in J!1.5

Post by aravot » Wed Jun 27, 2007 3:59 pm

RobS wrote: For a full description of the changes please see: http://groups.google.com/group/joomla-d ... 6fd404e437
Is the group only for devs or Q&T too can join, if so invite please.

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1367
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: [FIXED] - Request to change how lost password request is handled in J!1.5

Post by RobS » Thu Jun 28, 2007 12:41 am

That group is for devs only.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Locked

Return to “Q&T 1.5.x Resolved”