@robocoder opened this Issue on May 30th 2009 Contributor
  • error message (or redirect to Login screen) instead of a blank page when requesting a new password but user doesn't exist
  • "Remind password" is a misnomer for this button when it in fact sends a new password; change text to "Send Password Reset" and send email with link to a password reset form (see comment:5)
  • If sendmail isn't configured, it would be nice to include more validation before resetting passwords.
@robocoder commented on May 30th 2009 Contributor
  • include IP address of requester in the email message
@robocoder commented on June 19th 2009 Contributor

Third bullet item fixed in #815.

@mattab commented on August 13th 2009 Owner

Also (but probably not included in this ticket) we should not reset the password by default. Instead the email should contain a link to the piwik install that would then reset the password and show it to the user on the screen (or leave him change it see #526). Reset the password by default can be misused and annoy users.

@robocoder commented on August 21st 2009 Contributor

In [1415], fixes #749 - Login form changes

  1. Lost password form now sends an email with reset instructions and link to a password change form instead of changing the password.
  2. Added password change form which requires input of a generated token (valid for 24 hrs).
  3. Fix $urlToRedirect handling; refactoring; phpdoc comments; minor reformatting
@robocoder commented on August 22nd 2009 Contributor

In [1418], refs #749 - fix redirect after install

This Issue was closed on August 22nd 2009
Powered by GitHub Issue Mirror