Password Forgotten - Error: The Email Address was not found in our records;

[kcb410]

Just to note that the message

Code:

Error: The Email Address was not found in our records; please try again.

doesn't come from Zen Cart core code. There might be something else going on in your store's password_forgotten page's handling.

Okay ... Interesting, I'll have to compare our password_forgotten to a fresh 1.54 version.

This error is only happening with one clients account, the password forgotten functions normally for other clients and our test account.

[mc12345678]

Okay ... Interesting, I'll have to compare our password_forgotten to a fresh 1.54 version.

This error is only happening with one clients account, the password forgotten functions normally for other clients and our test account.

A part of pci compliance (and I am no expert on such) is to not offer a different response for one aspect of credential failure than another... If that message is in fact displayed then one could try time and again to identify what email addresses are in the database and from there continue to either try passwords or use that information (existence of the email) for other purposes...

ZC 1.5.4 does not identify what was entered wrong, just that the credentials are incorrect (using whatever words are provided). This is the case in all such credential check, query, etc... (Forgotten password on store and admin side, login of both, etc...)

[kcb410]

A part of pci compliance (and I am no expert on such) is to not offer a different response for one aspect of credential failure than another... If that message is in fact displayed then one could try time and again to identify what email addresses are in the database and from there continue to either try passwords or use that information (existence of the email) for other purposes...

ZC 1.5.4 does not identify what was entered wrong, just that the credentials are incorrect (using whatever words are provided). This is the case in all such credential check, query, etc... (Forgotten password on store and admin side, login of both, etc...)

I justed checked our password_forgotten file against a clean version and they're identical, the "Error: The Email Address was not found in our records; please try again." does exist in that file.

[mc12345678]

I justed checked our password_forgotten file against a clean version and they're identical, the "Error: The Email Address was not found in our records; please try again." does exist in that file.

Clean version as obtained from what plugin or other additional code. That statement is not in a vanilla install of ZC 1.5.4.

[lat9]

My bad (); that message is in Zen Cart v1.5.4 language file, but it's not used in the page's processing.

The standard processing for Zen Cart v1.5.4 (and later) is to display the message A new password has been sent to your email address. regardless whether the email address was found.

[kcb410]

My bad (); that message is in Zen Cart v1.5.4 language file, but it's not used in the page's processing.

The standard processing for Zen Cart v1.5.4 (and later) is to display the message A new password has been sent to your email address. regardless whether the email address was found.

No problem...I assume that's not the cause of the problem I'm having with the client's email not being recognized when it's actually in the database.

[mc12345678]

Okay ... Interesting, I'll have to compare our password_forgotten to a fresh 1.54 version.

This error is only happening with one clients account, the password forgotten functions normally for other clients and our test account.

Wondering if this "one" account is an issue for a different reason?

You've been able to reproduce the error using the e-mail address that has been provided, is in the store database, and is the only customer that has reported this issue?

Looks like the source of files that I used to search did not include some aspect that would have shown the define: TEXT_NO_EMAIL_ADDRESS_FOUND as listed in includes/languages/YOUR_LANGUAGE/password_forgotten.php. At the same time in ZC 1.5.4 that is a define that is otherwise unused in whole (perhaps some piecing together for parts of it is done, though I doubt as I've provided incorrect credentials a number of times on such a system and always get the same you dummy-head message. :) )