1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Not a Bug Lost password form available even if you're already logged in

Discussion in 'Resolved Bug Reports' started by Enigma, Sep 25, 2010.

  1. Enigma

    Enigma Well-Known Member

    Not really a big deal, but there's no reason to have the Lost Password form available to members who are already logged in.
  2. Russ

    Russ Well-Known Member

    Potentially a user could have two accounts I guess. Or have cookies storing there password that they can't for the life of them remember it. Not sure!
  3. Brogan

    Brogan XenForo Moderator Staff Member

    I was going to ask how you found that page.
    I just discovered it appears if you fail to log in using the correct details.

    Where is the link to it generally when logged in?
  4. Enigma

    Enigma Well-Known Member

    There is none that I know of.
  5. Brogan

    Brogan XenForo Moderator Staff Member

    So I'm confused by your first post then.

    Unless you know where to look for it, the form isn't generally available.
    Or do you mean the page/url should be blocked to members logged in?
  6. Enigma

    Enigma Well-Known Member

    Yes, I'd make the Lost Password form unavailable to logged in users, unless you can think of a reason they might need it. For accounts without passwords (Accounts created via Facebook connect, for example), there should be a separate 'create password' button on the Facebook Integration settings page.
  7. OperaManiac

    OperaManiac Well-Known Member

    i do not mind having access to the lost password feature for times i find myself logged in but do not remember the password.

    for facebook based accounts, as soon as you disconnect your facebook profile with xenforo, it generates a password and send it to your email id.

    i did that 2 days back and it worked perfectly.

    though i had to mail the admins to change my user name here.
  8. Brogan

    Brogan XenForo Moderator Staff Member

    No, I can't think of any reason why someone logged in would need it.

    Equally however, I can't see how someone logged in would easily find that page unless they were determined to do so by logging out and then deliberately entering incorrect details, so I'm not sure it's an issue really.
  9. James

    James Well-Known Member

    Personally I'd keep it and add some extra functionality to it. If you use it when you are logged in there's two reasons:
    You're using an automated login and forget your password (or you logged in and forgot it - small chance)
    You're trying to annoy other users.

    In the event of the latter, if they are doing this whilst logged in and you send the username/userid in the e-mail, the recipient knows that it is an idiot and can report them to the appropriate member of staff.
  10. Mike

    Mike XenForo Developer Staff Member

    Probably not worth having a special case for this. There's no real harm in it.

Share This Page