1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Not a Bug Lost Password form accepting empty field as valid email account

Discussion in 'Resolved Bug Reports' started by japersonal, Dec 11, 2013.

  1. japersonal

    japersonal Member


    When you use the Lost Password form and enter an email account which doesn't exist in the database, there is a valid error message:

    But when you leave the e-mail field empty and clic on the "Reset Password" button, your system accepts that as a valid input and return a page with this message:

    OK, this might be a very minor glitch... but I'm thinking of a scenario where a user was too quick or too distracted and forgot to enter his/her valid email account. He or she will end up waiting for a message which will never arrive... not to mention an additional burden for the forum admins who will receive a request/complaint from this user because he/she did not receive the email to reset his/her password.

    A little check and warning like the "Please enter a valid email." you have in place for the contact form when the e-mail field was left empty would be a good fix for this situation. :)

    Thank you!
    Last edited: Dec 11, 2013
    whynot likes this.
  2. Brogan

    Brogan XenForo Moderator Staff Member

    Are you talking about this form? http://xenforo.com/community/lost-password/

    How are you submitting the form with no email address or user name in the field?

    It just returns an error "The requested member could not be found." when I do it.
  3. japersonal

    japersonal Member

  4. Brogan

    Brogan XenForo Moderator Staff Member

    Do you have any add-ons installed as that is not standard behaviour.

    You can check for yourself by testing it here on this site.
    Leaving the field blank results in an error message.

    That page only works when not logged in so how would the system know which user was requesting the password reset?
  5. japersonal

    japersonal Member

    Yes, three of them:

    [bd] Widget Framework 2.4.3
    [bd] Rotating Ads 1.6.2
    Import Tools by Waindigo 1.0.1

    Plus the language pack for the Spanish language.

    I see. In my website its behaviour is slightly different, as explained above.

    I don't know. I'm just posting my findings here. Feel free to try by yourself at my site. You will find the selector at the bottom to change language into English.
  6. Mike

    Mike XenForo Developer Staff Member

    You don't happen to have a user with no name, do you? (From an import.)

    I'd also search your users by that email address.

    The code looks up the user by email if it appears to be one (which a string without @ never matches) and then by username.
    Brogan likes this.
  7. japersonal

    japersonal Member


    Yes, from a vBulletin import. And with status "Awaiting email confirmation". Oh my God. How did this happen? A missing username because of the import process? Or vBulletin allowed a user to be registered with an "empty" username?

    Either way, thank you very much. I'm sorry for the troubles. And my intention was honest, to be helpful.

Share This Page