  1. Moodle
  2. MDL-26322

Incorrect workflow in handling of forgotten passwords


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 1.9.8, 2.0.1
    • 1.9.11, 2.0.2
    • Authentication
    • Windows 7/Apache
      Note that this site is running SSL.
    • Any
    • MOODLE_19_STABLE, MOODLE_20_STABLE
    • MOODLE_19_STABLE, MOODLE_20_STABLE
    • Easy

    Description

      Click "login", then follow the procedure for a forgotten password. Follow through with the "Forgotten password confirmation". You get page "forgot_password.php". Here is a link to "change your password". Click there and you go to your auth module's login form, since you need to log in before you can change your password. Now log in using the new password provided in your email. Now you should be taken to the change password form, since that's where you wanted to go when you got re-routed to the login form. It doesn't happen; instead you go to the home page.

      The reason is on line 182 of file "login/index.php". Here the code checks $SESSION->wantsurl, which is properly set to the change password form. However, it also checks to see that the "wantsurl" address contains $CFG->wwwroot. Since my site is using SSL, this fails. It should also allow "wantsurl" to contain $CFG->httpswwwroot.

      cheers,
      – mike
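
The check the report describes, sketched as an added example (not Moodle's code and not part of the original report): a post-login target is accepted only when it sits under either site root, so an HTTPS `wantsurl` survives the redirect while off-site targets still fall back to the home page. The function names and sample URLs are constructed; only `wwwroot`, `httpswwwroot` and `wantsurl` are names taken from the report.

```php
<?php
// Added illustration, not Moodle's implementation.
// url_is_under_root() and resolve_post_login_url() are hypothetical helpers.

/**
 * True when $url begins with one of $roots and the match ends on a boundary
 * (end of string, "/", "?" or "#"), so a look-alike host cannot pass.
 */
function url_is_under_root(string $url, array $roots): bool {
    foreach ($roots as $root) {
        $root = rtrim($root, '/');
        $len  = strlen($root);
        if ($len === 0 || strncmp($url, $root, $len) !== 0) {
            continue;
        }
        // Character right after the root; '' when the URL is exactly the root.
        $next = $url[$len] ?? '';
        if ($next === '' || $next === '/' || $next === '?' || $next === '#') {
            return true;
        }
    }
    return false;
}

/**
 * Pick the redirect target after login: the wanted URL when it is on this
 * site under either root, otherwise the home page.
 */
function resolve_post_login_url(?string $wantsurl, string $wwwroot, string $httpswwwroot): string {
    if ($wantsurl !== null && url_is_under_root($wantsurl, [$wwwroot, $httpswwwroot])) {
        return $wantsurl;
    }
    return rtrim($wwwroot, '/') . '/';
}

// Constructed sample values for a site that serves its login pages over SSL.
$wwwroot      = 'http://moodle.example.org';
$httpswwwroot = 'https://moodle.example.org';
$cases = [
    'https://moodle.example.org/login/change_password.php', // HTTPS root: kept
    'http://moodle.example.org/course/view.php?id=2',       // HTTP root: kept
    'https://moodle.example.org.other.test/login/',         // look-alike host: home page
    'https://elsewhere.test/?next=http://moodle.example.org/', // off-site: home page
    null,                                                   // nothing wanted: home page
];
foreach ($cases as $wantsurl) {
    printf("%-58s => %s\n", $wantsurl ?? '(none)',
        resolve_post_login_url($wantsurl, $wwwroot, $httpswwwroot));
}
```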


            People

              skodak Petr Skoda
              mlitzkow Michael J Litzkow
              Dongsheng Cai Dongsheng Cai
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan

              Dates

                Created:
                Updated:
                Resolved:
                21/Feb/11