Radicore Forum: Menu and Security

Home » RADICORE development » Menu and Security » Password recovery

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Password recovery [message #7480]

Mon, 25 May 2020 09:56

htManager
Messages: 316
Registered: May 2014

Senior Member

Hi Toni,
I tried to recover a password, pressed the link 'recover password' and the retrieve password form opened. I inserted my email address and I got the password.
But I inserted not the correct email address for this user-id, nevertheless I got the password.
This would mean that if I know the user-id of someone I could let me sent this password. Can this be right? Or do I have to change something in the configuration?

Report message to a moderator

Re: Password recovery [message #7481 is a reply to message #7480]

Tue, 26 May 2020 04:30

AJM
Messages: 2244
Registered: April 2006
Location: Surrey, UK

Senior Member

An email address can only be registered to one user in the MENU database, and when you enter an email address into the "Recover Password" screen it finds the user with that address, finds the password for that user, then sends that password to that email address.

If you enter somebody else's email address into that screen then the email will be sent to *THAT* address and not to *YOUR* address.

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Re: Password recovery [message #7482 is a reply to message #7481]

Tue, 26 May 2020 14:29

htManager
Messages: 316
Registered: May 2014

Senior Member

Yes, I see. Thank you. The email_adr column has a unique key. I was a little bit confused because I have three user with the same password. But the only thing that can happen is, that a user gets his password even though he didn't request it, if I enter his email-address.

Report message to a moderator

Re: Password recovery [message #7484 is a reply to message #7481]

Mon, 15 June 2020 11:22

htManager
Messages: 316
Registered: May 2014

Senior Member

The password recovery sends the password always to my email address and not to the address inserted in password recovery screen. I get the password instead of the user who has forgotten his password. The email was sent from "[no address given]"@internetprovider.de.
Do I have to change the setting somewhere?

Report message to a moderator

Re: Password recovery [message #7485 is a reply to message #7484]

Tue, 16 June 2020 04:30

AJM
Messages: 2244
Registered: April 2006
Location: Surrey, UK

Senior Member

Look in your CONFIG.INC file for a constant called MAIL_TO_REDIRECT. If this is defined then all outgoing emails will be sent to this address. This should only be used in a development environment.

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Re: Password recovery [message #7486 is a reply to message #7485]

Tue, 16 June 2020 13:44

htManager
Messages: 316
Registered: May 2014

Senior Member

Thank you. I had defined the MAIL_TO_REDIRECT constant to my email address. After undefining everything works fine now.

Report message to a moderator

Previous Topic:	Role - Task access (negative)
Next Topic:	Introduction to Radicore's Menu and Security system

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Wed May 12 15:59:10 EDT 2021

Total time taken to generate the page: 0.01381 seconds