Question/enhancement on mail token password reset:

Since we already have the mail attribute for a user in $mail_attribute, when the password reset screen asks for an email address, could it validate that the email address is the same as the one stored in the directory, and either send as designed on a match or, on a mismatch, send a notification of the attempt to the system owner ($mail_from) and the attempted user?

Maybe it does something similar already and I missed it, but it seems like a security risk to send a reset for a user to an email address of someone else.
Thanks,
Shannon
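
The check proposed in the message above, sketched as an added example that is not part of the original post or of the LTB project's code. The function names, the returned array keys and the sample addresses are hypothetical; `$directoryMails` stands for the values read from `$mail_attribute` and `$mailFrom` for `$mail_from`.

```php
<?php
// Added illustration; function names and array keys are hypothetical.

function normalize_mail(string $mail): string
{
    // Assumption: addresses are compared case-insensitively after trimming.
    return strtolower(trim($mail));
}

/**
 * Decide what to do with a reset request.
 *
 * @param string   $submitted      address typed into the reset form
 * @param string[] $directoryMails values of the mail attribute in the user's entry
 * @param string   $mailFrom       system owner address
 */
function decide_reset_delivery(string $submitted, array $directoryMails, string $mailFrom): array
{
    $wanted = normalize_mail($submitted);
    // Drop empty values so a blank form field can never match a blank attribute.
    $known = array_values(array_filter(array_map('normalize_mail', $directoryMails), 'strlen'));

    if ($wanted !== '' && in_array($wanted, $known, true)) {
        // Match: the token is sent, and only to an address the directory holds.
        return ['action' => 'send_token', 'recipients' => [$wanted]];
    }

    // Mismatch, or no stored address: no token is issued. The system owner and
    // the user's stored address(es) are notified of the attempt instead.
    $notify = array_merge([normalize_mail($mailFrom)], $known);
    return ['action' => 'notify_attempt', 'recipients' => array_values(array_unique($notify))];
}

// Constructed sample data.
$directory = ['J.Doe@example.org'];
print_r(decide_reset_delivery(' j.doe@EXAMPLE.org ', $directory, 'admin@example.org'));
print_r(decide_reset_delivery('someone@else.example', $directory, 'admin@example.org'));
```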