Ok, further testing proves, you validate the email with the mail token
reset.
My apologizes.
I do have a further question, and maybe enhancement request but I will
submit in another email.
Sorry for the time.
Shannon
On 31.12.2011 18:04, Shannon wrote:
Question/enhancement on mail token password reset -
Since we already have mail attribute for a user, in the
$mail_attribute, when the password reset screen asks for email
address -
could it validate the email address as the same stored in the
directory
and either send as designed on a match or on mismatch send
notification
of attempt to system owner ($mail_from) and the attempted user.
Maybe it does something similar already and I missed it, but seem
like
a security risk to send a reset for a user to an email address of
someone else.
Thanks,
Shannon
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
