[ic] get_password multiple email "one per account"

David Bordas bordas at testadaz.com
Wed Mar 28 13:21:08 EST 2007

> BTW, this is important and something I just remembered from when I did
> this myself.  A blank search will match every entry in the db,
> therefore, if someone tries to request a password and leaves all of the
> criteria blank, IC will send every user in the system their username and
> password...  
> [comment]Avoid empty searchspec[/comment]
> [bounce href="[area login]" if=`!$CGI_array->{mv_searchspec}->[1]`]
> Note that this code will probably break for you.  It works for me
> because I modified the password retrieval to only use the email address.
>  You will likely need to check more than one variable.
> Peter
Sorry, i forgot to answer you.
I'm in the same situation as you, i modified password retrieval to only 
use email address too.

Thank you for telling me this story.

In fact i've "solved" it. I've put this code back :

[if value mv_search_match_count > 3]
Too much answer, <a href='[area contact]'>contact us</a>.
[set get_id_matches][/set]

Checking if mv_searchspec is not blank is a good idea, but if someone 
look at a popular ISP, example aol.com, then you will send password 
retrieval to all your customers with an aol mail...
This not very good too... :(

For the moment, limiting process to all searches with less than 4 
matches is my best workaround.

David Bordas / Testadaz.com
http://www.testadaz.com : commandez les produits du terroir auvergnat
http://www.testadaz.com/blog : Le blog du terroir cantalien 

More information about the interchange-users mailing list