Piwigo Bugtracker

Viewing Issue Advanced Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0002027 [Piwigo] users & groups feature have not tried 2010.11.11 17:11 2011.08.24 22:05
Reporter plg View Status public  
Assigned To plg
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 2.3.0RC1 Product Version 2.1.5
  Target Version 2.3.0RC1 Product Build
Summary 0002027: redesign the lost password feature
Description The lost password feature is not very "standard compliant". I mean Piwigo doesn't do it the same way all web application do. To make it understandable to users, we should comply with a more standard behavior:

1) the user must give its email address (or username? I don't know let's investigate on other web applications)

2) if Piwigo finds the corresponding user, send a confirmation link to the email address

3) if the user clicks on the confirmation link, then Piwigo sends a new password by email
Steps To Reproduce
Additional Information
Tags No tags attached.
browser any
Database engine and version
PHP version
Web server Apache 1.3.x
Attached Files

- Relationships

-  Notes
eric (developer)
2010.11.12 11:57

My point of view for step 1): User should give his username *OR* his email address.

If username is set -> Check corresponding email address in database.
If email address is set -> Check corresponding username in database.

In all cases, the couple "username/email address" is needed to generate the email with confirmation link.
plg (manager)
2010.11.12 12:01

I don't understand what you mean. Do you say user should give username + email address to get a new password?
plg (manager)
2010.11.12 12:07

Here is the way WordPress works:

1) "enter Username or Email Address"
2) a confirmation link is sent to the corresponding email address
3) when you click on the confirmation link it send the new password by email
eric (developer)
2010.11.12 17:01

plg wrote:
>Here is the way WordPress works:
>1) "enter Username or Email Address"

This is exactly what i wrote in my first note. "Username *OR* Email address". Not *AND* ;-) I was just answering your interrogation at point 1) of this bug description.
The Wordpress process is the right way, in my mind.
svn (reporter)
2011.08.24 22:03

[Subversion] r11992 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
feature 2027 implemented: the "lost password" feature was rewritten.

The algorithm is highly inspired from WordPress :

1) in a single field, you give a username or an email
2) Piwigo sends an email with the activation key
3) the user clicks on the link in the email (with the activation key) and is able to set a new password

The "lost password" feature is no longer limited to "classic" users:
administrators and webmasters can use it too (no need to tell webmasters
that they can only change their password in the database)

- Issue History
Date Modified Username Field Change
2010.11.11 17:11 plg New Issue
2010.11.11 17:11 plg Status new => assigned
2010.11.11 17:11 plg Assigned To => plg
2010.11.11 17:11 plg browser => any
2010.11.11 17:11 plg Web server => Apache 1.3.x
2010.11.12 11:57 eric Note Added: 0004494
2010.11.12 12:01 plg Note Added: 0004495
2010.11.12 12:07 plg Note Added: 0004496
2010.11.12 17:01 eric Note Added: 0004497
2011.01.18 15:43 plg Target Version 2.2 => 2.3
2011.08.24 22:03 svn Checkin
2011.08.24 22:03 svn Note Added: 0005430
2011.08.24 22:05 plg Status assigned => closed
2011.08.24 22:05 plg Resolution open => fixed
2011.08.24 22:05 plg Fixed in Version => 2.3.0RC1
2011.08.24 22:05 plg Target Version 2.3.0beta1 => 2.3.0RC1

Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker