[ic] get_password multiple email "one per account"
David Bordas
bordas at testadaz.com
Wed Mar 28 13:21:08 EST 2007
> BTW, this is important and something I just remembered from when I did
> this myself. A blank search will match every entry in the db,
> therefore, if someone tries to request a password and leaves all of the
> criteria blank, IC will send every user in the system their username and
> password...
>
> [comment]Avoid empty searchspec[/comment]
> [bounce href="[area login]" if=`!$CGI_array->{mv_searchspec}->[1]`]
>
>
> Note that this code will probably break for you. It works for me
> because I modified the password retrieval to only use the email address.
> You will likely need to check more than one variable.
>
> Peter
>
Sorry, i forgot to answer you.
I'm in the same situation as you, i modified password retrieval to only
use email address too.
Thank you for telling me this story.
In fact i've "solved" it. I've put this code back :
[if value mv_search_match_count > 3]
Too much answer, <a href='[area contact]'>contact us</a>.
[set get_id_matches][/set]
[/if]
Checking if mv_searchspec is not blank is a good idea, but if someone
look at a popular ISP, example aol.com, then you will send password
retrieval to all your customers with an aol mail...
This not very good too... :(
For the moment, limiting process to all searches with less than 4
matches is my best workaround.
--
David Bordas / Testadaz.com
---------------------------------------------------------------------
http://www.testadaz.com : commandez les produits du terroir auvergnat
http://www.testadaz.com/blog : Le blog du terroir cantalien
---------------------------------------------------------------------
More information about the interchange-users
mailing list