View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000839 | OXID eShop (all versions) | 1. ----- eShop frontend ----- | public | 2009-04-28 14:58 | 2012-12-10 14:17 |
| Reporter | joshua | Assigned To | |||
| Priority | low | Severity | tweak | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Summary | 0000839: Method forgotPassword in forgotpwd.php sends email, even if user is not a user of current shop | ||||
| Description | Scenario: We have two subshops in mall, user A is registered in shop with id 1 and uses the forgotpwd function in shop with id 2; an email with the password link is sent to the user. Clicking the link leads to shop with id 2 but results in an error saying the link is expired. The problem resides in the method forgotpwd::forgotPassword(); there should be an additional check if the user is registered in current shop or if config option "blMallUsers" is enabled. If you provide an email address of a user who is registered in e.g. shop with id 1 | ||||
| Additional Information | Such case occurs, when option "blMallUsers" is not checked. | ||||
| Tags | Subshops | ||||
| Theme | |||||
| Browser | |||||
| PHP Version | |||||
| Database Version | |||||
| has duplicate | 0001273 | resolved | sarunas_valaskevicius | forgot password emails with wrong links - wrong database query in oxemail::sendForgotPwdEmail() |
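
The additional check the description asks for, as an added example that is not OXID eShop code: a reset mail is only sent when the account belongs to the current shop or "blMallUsers" is enabled. The function name, array keys and sample users are hypothetical; only the option name `blMallUsers` comes from the report.

```php
<?php
// Added illustration, not OXID eShop code. Function and array key names are hypothetical.

/**
 * Return the account a password-reset mail may be sent to, or null if none.
 *
 * @param array  $users         constructed user rows: ['email' => ..., 'shopId' => ...]
 * @param string $email         address typed into the forgot-password form
 * @param int    $currentShopId shop in which the form was submitted
 * @param bool   $blMallUsers   value of the "blMallUsers" config option
 */
function findResetRecipient(array $users, string $email, int $currentShopId, bool $blMallUsers): ?array
{
    $needle = trim($email);
    $fallback = null;
    foreach ($users as $user) {
        // Assumption: addresses are compared case-insensitively.
        if (strcasecmp($user['email'], $needle) !== 0) {
            continue;
        }
        if ($user['shopId'] === $currentShopId) {
            return $user; // account belongs to the shop handling the request
        }
        if ($blMallUsers && $fallback === null) {
            $fallback = $user; // accounts are shared across the mall
        }
    }
    return $fallback; // null means: do not send a reset mail from this shop
}

// Constructed sample data: user A exists only in shop 1.
$users = [
    ['email' => 'a@example.com', 'shopId' => 1],
    ['email' => 'b@example.com', 'shopId' => 2],
];

// The reported scenario: request in shop 2, blMallUsers disabled.
var_dump(findResetRecipient($users, 'a@example.com', 2, false));
// Same request with blMallUsers enabled: the shop 1 account qualifies.
var_dump(findResetRecipient($users, 'a@example.com', 2, true));
// Request made in the user's own shop qualifies regardless of the option.
var_dump(findResetRecipient($users, 'a@example.com', 1, false));
```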