User should have to click on a link to reset their password not have their password reset automatically #120
Comments
if they knew the customer email address was a member
Hi OpenCart Team, What if the user is currently logged in to the OpenCart site and making a payment, and someone enters his email address on the forgot password page and his password gets reset? So this approach is not good. I think the admin reset password should also be applied to the customer's password reset. Regards,
Hello, The correct solution is to send a password reset link to the email address on file. Then you can be certain that the request came from the member. Best regards,
Hi, I'm starting an OpenCart store for my client and faced the same issue. I think it should be changed, or at least ask for a captcha when customers type their email address.
This is quite an annoying issue. Why can't it be the same as when the admin clicks forget their password, and an email with a link to reset the password is sent?
While testing my OpenCart installation in prep for opening up shop I have discovered a very worrying issue.
When you request a password reset it just resets the password; it does not give the user an opportunity to click a link to confirm that they want to reset their password.
This could be used by malicious users to block customers from being able to log into their account.
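
The link-based flow requested in this issue, as an added sketch that is not OpenCart's code: a reset request only stores a token digest and leaves the password alone, so a third party who knows the email address cannot lock the owner out. The `ResetFlow` class, its in-memory store, the one-hour lifetime and the sample account are all assumptions made for illustration.

```php
<?php
// Hypothetical in-memory store standing in for the customer table (not OpenCart's schema).
final class ResetFlow
{
    private const TTL = 3600; // assumed link lifetime in seconds
    private array $customers = [];

    public function register(string $email, string $password): void
    {
        $this->customers[strtolower($email)] =
            ['hash' => password_hash($password, PASSWORD_DEFAULT), 'token' => null, 'expires' => 0];
    }

    // Step 1: anyone can request a reset; the stored password is untouched. Returns the
    // raw token for the mailed link, or null for an unknown address.
    public function request(string $email, int $now): ?string
    {
        $key = strtolower($email);
        if (!isset($this->customers[$key])) { return null; }
        $token = bin2hex(random_bytes(32));
        $this->customers[$key]['token'] = hash('sha256', $token); // keep only the digest
        $this->customers[$key]['expires'] = $now + self::TTL;
        return $token;
    }

    // Step 2: only someone holding the mailed token can set a new password, and only once.
    public function redeem(string $email, string $token, string $new, int $now): bool
    {
        $key = strtolower($email);
        $c = $this->customers[$key] ?? null;
        if ($c === null || $c['token'] === null || $now > $c['expires']
            || !hash_equals($c['token'], hash('sha256', $token))) {
            return false;
        }
        $this->register($key, $new); // stores the new hash and clears the token
        return true;
    }

    public function login(string $email, string $password): bool
    {
        $c = $this->customers[strtolower($email)] ?? null;
        return $c !== null && password_verify($password, $c['hash']);
    }
}

$flow = new ResetFlow();
$flow->register('alice@example.test', 'old-password');   // constructed sample account
$token = $flow->request('alice@example.test', 1000);      // request made by a third party
var_dump($flow->login('alice@example.test', 'old-password'));            // owner is not locked out
var_dump($flow->redeem('alice@example.test', $token, 'new-pass', 1001)); // mailed token accepted
var_dump($flow->redeem('alice@example.test', $token, 'again', 1002));    // reuse is rejected
```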