Moodle
  1. Moodle
  2. MDL-26322

Incorrect workflow in handling of forgotten passwords

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.8, 2.0.1
    • Fix Version/s: 1.9.11, 2.0.2
    • Component/s: Authentication
    • Labels:
    • Environment:
      Windows 7/Apache
      Note that this site is running SSL.
    • Database:
      Any
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE
    • Rank:
      16427

      Description

      Click "login", then follow the procedure for a forgotten password. Follow through with the "Forgotten password confirmation. You get page "forgot_password.php". Here is a link to "change your password". Click there and you go to your auth module's login form, since you need to login before you can change your password. Now login using the new password provided in your email. Now you should be taken to the change password form, since that's where you wanted to go when you got re-routed to the login form. It doesn't happen,instead you go to the home page.

      The reason is on line 182 of file "login/index.php". Here code checks $SESSION->wantsurl, which is properly set to the change password form. However, it also checks to see that the "wantsurl" address contains $CFG->wwwroot. Since my site is using SSL, this fails. It should also allow "wantsurl" to contain $CFG->httpswwwroot.

      cheers,
      – mike

        Issue Links

          Activity

          Hide
          Petr Škoda added a comment -

          Thanks for the report, fix should be available in the next weekly build.

          Petr

          Show
          Petr Škoda added a comment - Thanks for the report, fix should be available in the next weekly build. Petr
          Hide
          Dongsheng Cai added a comment -

          Tested, thanks. Closing this issue.

          Show
          Dongsheng Cai added a comment - Tested, thanks. Closing this issue.

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: