Radicore Forum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » RADICORE development » Menu and Security » Password recovery
Password recovery [message #7480] Mon, 25 May 2020 09:56 Go to next message
htManager is currently offline  htManager
Messages: 271
Registered: May 2014
Senior Member
Hi Toni,
I tried to recover a password, pressed the link 'recover password' and the retrieve password form opened. I inserted my email address and I got the password.
But I inserted not the correct email address for this user-id, nevertheless I got the password.
This would mean that if I know the user-id of someone I could let me sent this password. Can this be right? Or do I have to change something in the configuration?
Re: Password recovery [message #7481 is a reply to message #7480] Tue, 26 May 2020 04:30 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2203
Registered: April 2006
Location: Surrey, UK
Senior Member
An email address can only be registered to one user in the MENU database, and when you enter an email address into the "Recover Password" screen it finds the user with that address, finds the password for that user, then sends that password to that email address.

If you enter somebody else's email address into that screen then the email will be sent to *THAT* address and not to *YOUR* address.


Re: Password recovery [message #7482 is a reply to message #7481] Tue, 26 May 2020 14:29 Go to previous messageGo to next message
htManager is currently offline  htManager
Messages: 271
Registered: May 2014
Senior Member
Yes, I see. Thank you. The email_adr column has a unique key. I was a little bit confused because I have three user with the same password. But the only thing that can happen is, that a user gets his password even though he didn't request it, if I enter his email-address.
Re: Password recovery [message #7484 is a reply to message #7481] Mon, 15 June 2020 11:22 Go to previous messageGo to next message
htManager is currently offline  htManager
Messages: 271
Registered: May 2014
Senior Member
The password recovery sends the password always to my email address and not to the address inserted in password recovery screen. I get the password instead of the user who has forgotten his password. The email was sent from "[no address given]"@internetprovider.de.
Do I have to change the setting somewhere?
Re: Password recovery [message #7485 is a reply to message #7484] Tue, 16 June 2020 04:30 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2203
Registered: April 2006
Location: Surrey, UK
Senior Member
Look in your CONFIG.INC file for a constant called MAIL_TO_REDIRECT. If this is defined then all outgoing emails will be sent to this address. This should only be used in a development environment.

Re: Password recovery [message #7486 is a reply to message #7485] Tue, 16 June 2020 13:44 Go to previous message
htManager is currently offline  htManager
Messages: 271
Registered: May 2014
Senior Member
Thank you. I had defined the MAIL_TO_REDIRECT constant to my email address. After undefining everything works fine now.
Previous Topic: Role - Task access (negative)
Next Topic: Introduction to Radicore's Menu and Security system
Goto Forum:
  


Current Time: Tue Jul 07 03:05:09 EDT 2020

Total time taken to generate the page: 0.01158 seconds