https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36602
--- Comment #2 from Christopher Brannon <[email protected]> ---

Again, I'm not sure what exactly the end goal here is. My initial thought is that this is a feature to stop someone from trying to hack an account. Is that the point? Because, as is, it seems more like a feature to get you to stop trying to figure out your password and just get it reset.

I guess, sure, if there is a bot constantly trying to hack the account, it is going to keep trying that account number and rotate through password iterations until it is stopped. But if you unlock the account, even with a new password, wouldn't it just keep trying again? So, it would seem we are just trying to make the user give up and contact the library.

One thought about this is, if the account has an email address, instead of having the user go through the library to change the password, just lock the account and email a password reset to the email account. The only argument I could see against that is if someone had access to a patron's email account and forced Koha to send a reset. But if they have access to the email account, they could always use the forgot email option. In both cases they would already have all the pieces they would need to get into the account. So, it seems reasonable that sending a reset to the patron email account automatically would be acceptable.
