View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001273||OXID eShop (all versions)||1.05. Users||public||2009-09-01 13:57||2009-09-04 14:59|
|Product Version||4.1.5 revision 21618|
|Target Version||Fixed in Version|
|Summary||0001273: forgot password emails with wrong links - wrong database query in oxemail::sendForgotPwdEmail()|
|Description||If you have several subshops configured so that each shop has its own customers and customers cannot login other subshops, then you get wrong links in password forgotten mails due to the following query:|
$sSelect = "select oxid from oxuser where oxuser.oxactive = 1 and
oxuser.oxusername = '$sEmailAddress' and oxuser.oxpassword != ''
order by oxshopid = '".$oShop->getId()."' desc";
Instead of "order by oxshopid" we do need a " and oxshopid = '".$oShop->getId()."' " - at least if the above mentioned config is chosen (which is very often the case).
Otherwise you get a result of this query allthough user is not registered in actual shop.
|Tags||No tags attached.|
In addition: could you please seperate the logic of checking the user from sending the email? I think this should not be located in oxemail class - and should definetly be in a single function.
||Request to separate logic - is moved to customers whishlist. Will be considered later.|