View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007319 | OXID eShop (all versions) | 2.1. Master Settings | public | 2022-04-12 18:17 | 2024-08-07 13:10 |
| Reporter | mf | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | acknowledged | Resolution | open | ||
| Product Version | 6.4.1 | ||||
| Summary | 0007319: With a server time shift, links for "forgot password" can become invalid | ||||
| Description | If in the admin area under Master Settings > Other settings > System > other settings > Server Time shift (hours) is set to -7, it is no longer possible to use the password forgotten function, because the sent link is then already expired. The reason is that the methods loadUserByUpdateId and isExpiredUpdateId use the PHP function time() instead of the OXID function Registry::getUtilsDate()->getTime(). This way the time shift is not taken into account. | ||||
| Steps To Reproduce | - set Other settings > System > other settings > Server Time shift (hours) to -7 - using the forgotten password function for an existing account - open the link from the mail > This page is expired. Please use the function "Forgot password?" once again. | ||||
| Tags | No tags attached. | ||||
| Theme | Not defined | ||||
| Browser | Not defined | ||||
| PHP Version | Not defined | ||||
| Database Version | Not defined | ||||
