Radicore Forum
Fast Uncompromising Discussions. FUDforum will get your users talking.
Home » RADICORE development » Menu and Security » Password recovery
Password recovery [message #7480] Mon, 25 May 2020 09:56 Go to next message
htManager is currently offline  htManager
Messages: 452
Registered: May 2014
Senior Member
Hi Toni,
I tried to recover a password, pressed the link 'recover password' and the retrieve password form opened. I inserted my email address and I got the password.
But I inserted not the correct email address for this user-id, nevertheless I got the password.
This would mean that if I know the user-id of someone I could let me sent this password. Can this be right? Or do I have to change something in the configuration?

Report message to a moderator

Re: Password recovery [message #7481 is a reply to message #7480] Tue, 26 May 2020 04:30 Go to previous messageGo to next message
AJM is currently online  AJM
Messages: 2378
Registered: April 2006
Location: Surrey, UK
Senior Member
An email address can only be registered to one user in the MENU database, and when you enter an email address into the "Recover Password" screen it finds the user with that address, finds the password for that user, then sends that password to that email address.

If you enter somebody else's email address into that screen then the email will be sent to *THAT* address and not to *YOUR* address.

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Re: Password recovery [message #7482 is a reply to message #7481] Tue, 26 May 2020 14:29 Go to previous messageGo to next message
htManager is currently offline  htManager
Messages: 452
Registered: May 2014
Senior Member
Yes, I see. Thank you. The email_adr column has a unique key. I was a little bit confused because I have three user with the same password. But the only thing that can happen is, that a user gets his password even though he didn't request it, if I enter his email-address.

Report message to a moderator

Re: Password recovery [message #7484 is a reply to message #7481] Mon, 15 June 2020 11:22 Go to previous messageGo to next message
htManager is currently offline  htManager
Messages: 452
Registered: May 2014
Senior Member
The password recovery sends the password always to my email address and not to the address inserted in password recovery screen. I get the password instead of the user who has forgotten his password. The email was sent from "[no address given]"@internetprovider.de.
Do I have to change the setting somewhere?

Report message to a moderator

Re: Password recovery [message #7485 is a reply to message #7484] Tue, 16 June 2020 04:30 Go to previous messageGo to next message
AJM is currently online  AJM
Messages: 2378
Registered: April 2006
Location: Surrey, UK
Senior Member
Look in your CONFIG.INC file for a constant called MAIL_TO_REDIRECT. If this is defined then all outgoing emails will be sent to this address. This should only be used in a development environment.

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Re: Password recovery [message #7486 is a reply to message #7485] Tue, 16 June 2020 13:44 Go to previous message
htManager is currently offline  htManager
Messages: 452
Registered: May 2014
Senior Member
Thank you. I had defined the MAIL_TO_REDIRECT constant to my email address. After undefining everything works fine now.

Report message to a moderator

Previous Topic: Role - Task access (negative)
Next Topic: Introduction to Radicore's Menu and Security system
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Thu Apr 03 04:32:00 EDT 2025

Total time taken to generate the page: 0.01398 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.1.3.
Copyright ©2001-2023 FUDforum Bulletin Board Software