retrieve password through lostpass.php

If you want to retrive a password, you will receive a email message called "New Password Request at XOOPS Official Site". If you click on it, a new email message with a new password will be sent to you.

BUT once you have logged in with the new password, a "NEW Password Request ..." will be sent to you AGAIN and asks you to click on and change your password again.

The third email should not be sent by xoops.

tl

Can someone confirm if they are having the same problem? Anyone has a fix for it?

It is a very serious problem. It has the potential of trapping users into a loop of changing password.

Thanks.

tl

I guess I am the ONLY person is having this problem.

The problem I have fugured out is that once the new password was sent to you, XOOPS will re-direct you to user.php page, but with attachedment like this

user.php?xoops_redirect="......."

If you were to log in through this re-directed page, a new password request email would be generated and be sent to you. To a novice person, he/she would be attempting to click on it and the whole cycle re-starts again.

If you were to log in directly or delete the whole phrase "?xoops_redirect=......" in the re-directed page, no new email would be generated.

I am trying to figure out how I can set the re-direct to a simple user.php page without all the attachment.

Or if this could be done through user.php, so it would not trigger the lostpass.php again.

Anyone???

I have just fixed this on CVS. Thanks for letting us know.

include/functions.php
line 370

to

line 380

to


lostpass.php
line 73

to

Thank you, now it works.
tl