Piwigo Bugtracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002027Piwigousers & groupspublic2010.11.11 17:112011.08.24 22:05
Assigned Toplg 
PrioritynormalSeverityfeatureReproducibilityhave not tried
PlatformOSOS Version
Product Version2.1.5 
Target Version2.3.0RC1Fixed in Version2.3.0RC1 
Summary0002027: redesign the lost password feature
DescriptionThe lost password feature is not very "standard compliant". I mean Piwigo doesn't do it the same way all web application do. To make it understandable to users, we should comply with a more standard behavior:

1) the user must give its email address (or username? I don't know let's investigate on other web applications)

2) if Piwigo finds the corresponding user, send a confirmation link to the email address

3) if the user clicks on the confirmation link, then Piwigo sends a new password by email
TagsNo tags attached.
Database engine and version
PHP version
Web serverApache 1.3.x
Attached Files

- Relationships

-  Notes
eric (developer)
2010.11.12 11:57

My point of view for step 1): User should give his username *OR* his email address.

If username is set -> Check corresponding email address in database.
If email address is set -> Check corresponding username in database.

In all cases, the couple "username/email address" is needed to generate the email with confirmation link.
plg (manager)
2010.11.12 12:01

I don't understand what you mean. Do you say user should give username + email address to get a new password?
plg (manager)
2010.11.12 12:07

Here is the way WordPress works:

1) "enter Username or Email Address"
2) a confirmation link is sent to the corresponding email address
3) when you click on the confirmation link it send the new password by email
eric (developer)
2010.11.12 17:01

plg wrote:
>Here is the way WordPress works:
>1) "enter Username or Email Address"

This is exactly what i wrote in my first note. "Username *OR* Email address". Not *AND* ;-) I was just answering your interrogation at point 1) of this bug description.
The Wordpress process is the right way, in my mind.
svn (reporter)
2011.08.24 22:03

[Subversion] r11992 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
feature 2027 implemented: the "lost password" feature was rewritten.

The algorithm is highly inspired from WordPress :

1) in a single field, you give a username or an email
2) Piwigo sends an email with the activation key
3) the user clicks on the link in the email (with the activation key) and is able to set a new password

The "lost password" feature is no longer limited to "classic" users:
administrators and webmasters can use it too (no need to tell webmasters
that they can only change their password in the database)

- Issue History
Date Modified Username Field Change
2010.11.11 17:11 plg New Issue
2010.11.11 17:11 plg Status new => assigned
2010.11.11 17:11 plg Assigned To => plg
2010.11.11 17:11 plg browser => any
2010.11.11 17:11 plg Web server => Apache 1.3.x
2010.11.12 11:57 eric Note Added: 0004494
2010.11.12 12:01 plg Note Added: 0004495
2010.11.12 12:07 plg Note Added: 0004496
2010.11.12 17:01 eric Note Added: 0004497
2011.01.18 15:43 plg Target Version 2.2 => 2.3
2011.08.24 22:03 svn Checkin
2011.08.24 22:03 svn Note Added: 0005430
2011.08.24 22:05 plg Status assigned => closed
2011.08.24 22:05 plg Resolution open => fixed
2011.08.24 22:05 plg Fixed in Version => 2.3.0RC1
2011.08.24 22:05 plg Target Version 2.3.0beta1 => 2.3.0RC1

Copyright © 2000 - 2015 MantisBT Team
Powered by Mantis Bugtracker