MantisBT - ATutor
View Issue Details
0003751ATutorThemepublic2009-05-21 07:292009-07-21 08:50
0003751: default15 theme password reminder bug
Thanks Rury Galbraith, for the report.
Follow these steps to reproduce the bug:

1. They click on the "Forgot your password?" link at the login page
2. They get an email with a link in it then click on the link
3. They are then prompted to enter a new password - you can enter
anything here (no letters, numbers and symbols and less than 8
characters) and it will accept it without showing a warning message.
4. They get an email confirming that their password has been changed
5. When they go to log in using their new password, they get an error
No tags attached.
? password_change.tmpl.php (2,382) 2009-05-21 07:30
Issue History
2009-05-21 07:29harrisNew Issue
2009-05-21 07:29harrisAffects version => SVN
2009-05-21 07:29harrisStatusnew => assigned
2009-05-21 07:29harrisAssigned To => harris
2009-05-21 07:30harrisFile Added: password_change.tmpl.php
2009-05-21 07:33harrisNote Added: 0003526
2009-05-21 07:35harrisStatusassigned => resolved
2009-05-21 07:35harrisResolutionopen => fixed
2009-05-21 07:35harrisNote Added: 0003527
2009-06-12 09:31gregStatusresolved => new
2009-06-12 09:33gregStatusnew => resolved
2009-06-12 09:33gregFixed in Version => 1.6.3
2009-07-21 08:50gregStatusresolved => closed

2009-05-21 07:33   
This is a theme problem on the default15/password_change.tmpl.php file. It does not have the extra token fields to handle the new security feature from 161. Causing the database to save all passwords to an empty string.

Replace the attached file into the default15/ theme folder and it will fix the problem.
2009-05-21 07:35   
fix: added all token fields back