[Vtigercrm-developers] ForgotPassword does not include the required information

Prasad prasad at vtiger.com
Tue Sep 2 05:57:49 GMT 2014


The file pointed out is not required (we will drop it in 6.1.0) - the
functionality is handled by the action file instead.
Reference: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/8207



On Tue, Sep 2, 2014 at 7:53 AM, Hamono, Chris (DPC) <Chris.Hamono at sa.gov.au>
wrote:

>
> When a user is using self service to change their password the process
> fails
>
> The problem is that two important fields are not being passed to the
> forgotpassword template and therefore not being sent to the forgotPassword
> action script
>
> The two required fields are secret_hash and shorturl_id
>
> Without the secret hash the function fails, without the shorturl id the
> shorturl table cannot be cleaned which is a security risk, short urls
> should also be timed out when appropriate such as in the case of password
> resets!
>
> The script at the centre of this problem is …
>
> http://trac.vtiger.com/cgi-bin/trac.cgi/browser/vtigercrm/trunk/modules/Users/ForgotPassword.php?rev=14045
>
> Severity: Showstopper!
>
> I am about to implement an internal secure vtiger instance with hundreds
> of users. Such a system will cause major headaches if users cannot reset
> their passwords
>
> Chris
>
>
>
>
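
The requirement described in the quoted report, that the reset form must carry both shorturl_id and secret_hash through to the action so the link can be verified, timed out and deleted, sketched as an added example. This is not vtiger code and not from either poster: ResetLinkStore, its methods, the 900-second lifetime and the choice to store only a SHA-256 digest of the secret are assumptions; only the two field names come from the thread.

```php
<?php
// Added illustration, not vtiger code: ResetLinkStore and its methods are hypothetical.
// Only the field names shorturl_id and secret_hash come from the thread.
final class ResetLinkStore
{
    private array $rows = []; // stands in for the short URL table

    // Issue a link; the returned pair is what the reset form must post back.
    public function issue(string $user, int $now, int $ttl = 900): array
    {
        $id = bin2hex(random_bytes(8));
        $secret = bin2hex(random_bytes(32));
        // Assumption: keep only a digest, so a table leak does not expose live links.
        $this->rows[$id] = ['hash' => hash('sha256', $secret), 'user' => $user, 'expires' => $now + $ttl];
        return ['shorturl_id' => $id, 'secret_hash' => $secret];
    }

    // Check the posted fields; returns the user name, or null on any failure.
    public function redeem(array $post, int $now): ?string
    {
        $id = $post['shorturl_id'] ?? '';
        $secret = $post['secret_hash'] ?? '';
        if (!is_string($id) || !is_string($secret) || !isset($this->rows[$id])) {
            return null; // field dropped by the template, or unknown id
        }
        $row = $this->rows[$id];
        if ($now >= $row['expires']) {
            unset($this->rows[$id]); // timed out: clean the row
            return null;
        }
        if (!hash_equals($row['hash'], hash('sha256', $secret))) {
            return null;
        }
        unset($this->rows[$id]); // single use: a replayed link finds no row
        return $row['user'];
    }

    public function pending(): int
    {
        return count($this->rows);
    }
}

// Constructed sample run (user name and timestamps are made up).
$store = new ResetLinkStore();
$fields = $store->issue('alice', 1409637469);
var_dump($store->redeem(['secret_hash' => $fields['secret_hash']], 1409637500)); // shorturl_id not posted
var_dump($store->pending());                   // row still waiting
var_dump($store->redeem($fields, 1409637500)); // both fields posted
var_dump($store->redeem($fields, 1409637501)); // same link replayed
```

In this sketch a row that is never redeemed stays in the table until something presents its id, so a periodic sweep of expired rows would still be needed alongside it.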

