Results 1 to 3 of 3
  1. 27 Aug 2010, 11:45 PM #1
    timatidg
    timatidg is offline New Zenner
    Join Date
    Jul 2010
    Posts
    5
    Plugin Contributions
    0

    Default Page response on Forgotten Password form

    We just received a complaint about the forgotten password page not working.

    In reality, it works fine IF the user has an account.

    However, if they have no account /index.php?main_page=password_forgotten&action=process&zenid= just shows the same form again with no message about no such account existing.
    Forgotten Password
    Enter your email address below and we'll send you an email message containing your new password.
    How can this be fixed, please!

    (The same problem exists if someone puts in a user and password in the login and there is no account. There is no error message, the page just redisplays. Most systems reply with a general message of "This username or password is wrong" or some such thing so you don't give away which part is true. With no message, it looks broken!)
    Version: v1.3.9b
    Last edited by timatidg; 27 Aug 2010 at 11:50 PM. Reason: found new info
  2. 27 Aug 2010, 11:48 PM #2
    DrByte's Avatar
    DrByte
    DrByte is offline Sensei
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Page response on Forgotten Password form

    So, if a hacker is sitting there trying to guess at email addresses or passwords, are you suggesting that you want to tell them exactly why they're not getting any answer?

    It is unwise to tell them "sorry, that's an invalid address". It's better to leave them wondering.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
  3. 28 Aug 2010, 12:03 AM #3
    timatidg
    timatidg is offline New Zenner
    Join Date
    Jul 2010
    Posts
    5
    Plugin Contributions
    0

    Default Re: Page response on Forgotten Password form

    Found the problem--Styles are hiding all error messages from the user!
 

 
« Previous Thread | Next Thread »

Similar Threads

  1. v151 Password Forgotten page not working
    By aperfecthost in forum General Questions
    Replies: 3
    Last Post: 1 Apr 2015, 12:01 AM
  2. v153 False Positive Response on Forgotten Password Page
    By jerrygarciuh in forum General Questions
    Replies: 2
    Last Post: 27 Jan 2015, 12:38 AM
  3. v139h Forgotten Password page missing
    By weirdorecords in forum Templates, Stylesheets, Page Layout
    Replies: 22
    Last Post: 13 May 2012, 07:55 AM
  4. Password Forgotten page is blank with COWOA
    By craftzombie in forum All Other Contributions/Addons
    Replies: 3
    Last Post: 5 Sep 2010, 08:59 AM
  5. Password Forgotten tamplate: Form appearing way to the right
    By datatv in forum Templates, Stylesheets, Page Layout
    Replies: 3
    Last Post: 24 Sep 2008, 08:33 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR
Content and Graphics Copyright (c) 2003 - 2024 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC