View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001273 | OXID eShop (all versions) | 1.05. Users | public | 2009-09-01 13:57 | 2009-09-04 14:59 |
| Reporter | andreas_ziethen | Assigned To | |||
| Priority | high | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | duplicate | ||
| Product Version | 4.1.5 revision 21618 | ||||
| Summary | 0001273: forgot password emails with wrong links - wrong database query in oxemail::sendForgotPwdEmail() | ||||
| Description | If you have several subshops configured so that each shop has its own customers and customers cannot login other subshops, then you get wrong links in password forgotten mails due to the following query: $sSelect = "select oxid from oxuser where oxuser.oxactive = 1 and oxuser.oxusername = '$sEmailAddress' and oxuser.oxpassword != '' order by oxshopid = '".$oShop->getId()."' desc"; Instead of "order by oxshopid" we do need a " and oxshopid = '".$oShop->getId()."' " - at least if the above mentioned config is chosen (which is very often the case). Otherwise you get a result of this query allthough user is not registered in actual shop. | ||||
| Tags | No tags attached. | ||||
| Theme | |||||
| Browser | All | ||||
| PHP Version | 5.2.6 | ||||
| Database Version | 5.0.33 | ||||
| duplicate of | 0000839 | resolved | sarunas_valaskevicius | Method forgotPassword in forgotpwd.php send email, even if user is not a user of current shop |
| related to | 0001272 | resolved | sarunas_valaskevicius | Password forgotten link does not work because FireFox corrupts character in oxupdatepassinfoplainemail |
