Hi all,

there seems to be a bug in the password reset function.
With GMail one can use aliases on his e-mail by adding a suffix to the part in front of the "@". If one's e-mail is myname@gmail.com he can also use myname+1@gmail.com, myname+2@gmail.com etc. All mails will be automatically redirected to myname@gmail.com.

If you try to reset your PiWiGo password for an account that uses an alias address like this you get an error message "Invalid username or email". This happens after clicking the link in the mail from PiWiGo and entering the new password twice.
Dumping the variables used in password.php I found that $email is myname 1@gmail.com instead of myname+1@gmail.com so the '+' in the address gets lost somewhere.

Resetting the password for accounts without a '+' in the address works without problems.


Regards -- Markus


Piwigo version: 2.9.5
PHP version: 7.2
MySQL version: 5.7
Piwigo URL: http://test.freizeit.pictures

Last edited by mjakobi (2019-09-15 18:44:14)