View Issue Details

IDProjectCategoryView StatusLast Update
0007319OXID eShop (all versions)2.1. Master Settingspublic2022-04-12 18:50
Reportermikkelfilla 
PrioritynormalSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Product Version6.4.1 
Target VersionFixed in Version 
Summary0007319: With a server time shift, links for "forgot password" can become invalid
DescriptionIf in the admin area under Master Settings > Other settings > System > other settings > Server Time shift (hours) is set to -7, it is no longer possible to use the password forgotten function, because the sent link is then already expired.

The reason is that the methods loadUserByUpdateId and isExpiredUpdateId use the PHP function time() instead of the OXID function Registry::getUtilsDate()->getTime(). This way the time shift is not taken into account.
Steps To Reproduce- set Other settings > System > other settings > Server Time shift (hours) to -7
- using the forgotten password function for an existing account
- open the link from the mail
> This page is expired. Please use the function "Forgot password?" once again.
TagsNo tags attached.
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined

Activities

There are no notes attached to this issue.