Hi, I think that is what is currently the case...are you running the latest version i.e. 0.6? Tokens are sent to existing emails...
sent from google nexus On Jan 2, 2012 9:30 AM, "Shannon" <[email protected]> wrote: > Question/enhancement on mail token password reset - > > Since we already have mail attribute for a user, in the > $mail_attribute, when the password reset screen asks for email address - > could it validate the email address as the same stored in the directory > and either send as designed on a match or on mismatch send notification > of attempt to system owner ($mail_from) and the attempted user. > > Maybe it does something similar already and I missed it, but seem like > a security risk to send a reset for a user to an email address of > someone else. > > Thanks, > > Shannon > ______________________________**_________________ > ltb-users mailing list > [email protected].**org <[email protected]> > http://lists.ltb-project.org/**listinfo/ltb-users<http://lists.ltb-project.org/listinfo/ltb-users> >
_______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
