Hello,
No matter what garbage email I make up the Forgotten Password routine always replies with the SUCCESS_PASSWORD_SENT message.
Additionally a search of the entire install's code for the TEXT_NO_EMAIL_ADDRESS_FOUND constant comes up empty except for the define() call in includes/languages/english/password_forgotten.php...
define('TEXT_NO_EMAIL_ADDRESS_FOUND', 'Error: The Email Address was not found in our records; please try again.');
define('SUCCESS_PASSWORD_SENT', 'A new password has been sent to your email address.');
In header_php.php I see
if ($check_customer->RecordCount() > 0) {
...
} else {
$zco_notifier->notify('NOTIFY_PASSWORD_FORGOTTEN_NOT_FOUND', $email_address);
}
$messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
Since the success message is outside that conditional maybe that is why we always see the success message?
Additionally in my whole install I cannot find any other reference to NOTIFY_PASSWORD_FORGOTTEN_NOT_FOUND.
Is this a bug? How do I get notification of a bad email address delivered to screen here?
TIA
David
Bookmarks