Results 1 to 3 of 3
  1. 27 Aug 2010, 11:45 PM #1
    timatidg
    timatidg is offline New Zenner
    Join Date
    Jul 2010
    Posts
    5
    Plugin Contributions
    0

    Default Page response on Forgotten Password form

    We just received a complaint about the forgotten password page not working.

    In reality, it works fine IF the user has an account.

    However, if they have no account /index.php?main_page=password_forgotten&action=process&zenid= just shows the same form again with no message about no such account existing.
    Forgotten Password
    Enter your email address below and we'll send you an email message containing your new password.
    How can this be fixed, please!

    (The same problem exists if someone puts in a user and password in the login and there is no account. There is no error message, the page just redisplays. Most systems reply with a general message of "This username or password is wrong" or some such thing so you don't give away which part is true. With no message, it looks broken!)
    Version: v1.3.9b
    Last edited by timatidg; 27 Aug 2010 at 11:50 PM. Reason: found new info
  2. 27 Aug 2010, 11:48 PM #2
    DrByte's Avatar
    DrByte
    DrByte is offline Sensei
    Join Date
    Jan 2004
    Posts
    58,246
    Blog Entries
    3
    Plugin Contributions
    106

    Default Re: Page response on Forgotten Password form

    So, if a hacker is sitting there trying to guess at email addresses or passwords, are you suggesting that you want to tell them exactly why they're not getting any answer?

    It is unwise to tell them "sorry, that's an invalid address". It's better to leave them wondering.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
  3. 28 Aug 2010, 12:03 AM #3
    timatidg
    timatidg is offline New Zenner
    Join Date
    Jul 2010
    Posts
    5
    Plugin Contributions
    0

    Default Re: Page response on Forgotten Password form

    Found the problem--Styles are hiding all error messages from the user!
 

 
« Previous Thread | Next Thread »

Similar Threads

  1. Forgotten Password, doesnt send a temp password.
    By aforzon in forum General Questions
    Replies: 2
    Last Post: 8 Mar 2010, 07:11 PM
  2. blank password sent when click on forgotten password
    By paulFromWales in forum Templates, Stylesheets, Page Layout
    Replies: 5
    Last Post: 2 Feb 2009, 06:54 PM
  3. Password Forgotten tamplate: Form appearing way to the right
    By datatv in forum Templates, Stylesheets, Page Layout
    Replies: 3
    Last Post: 24 Sep 2008, 08:33 PM
  4. Lost password forgotten page in other languages
    By icemanchai in forum General Questions
    Replies: 5
    Last Post: 17 Aug 2006, 11:03 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Content and Graphics Copyright (c) 2003 - 2013 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC