• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Not a bug Lost password form available even if you're already logged in

Russ

Well-known member
#2
Potentially a user could have two accounts I guess. Or have cookies storing there password that they can't for the life of them remember it. Not sure!
 

Brogan

XenForo moderator
Staff member
#3
I was going to ask how you found that page.
I just discovered it appears if you fail to log in using the correct details.

Where is the link to it generally when logged in?
 

Enigma

Well-known member
#6
Or do you mean the page/url should be blocked to members logged in?
Yes, I'd make the Lost Password form unavailable to logged in users, unless you can think of a reason they might need it. For accounts without passwords (Accounts created via Facebook connect, for example), there should be a separate 'create password' button on the Facebook Integration settings page.
 

OperaManiac

Well-known member
#7
i do not mind having access to the lost password feature for times i find myself logged in but do not remember the password.

for facebook based accounts, as soon as you disconnect your facebook profile with xenforo, it generates a password and send it to your email id.

i did that 2 days back and it worked perfectly.

though i had to mail the admins to change my user name here.
 

Brogan

XenForo moderator
Staff member
#8
Yes, I'd make the Lost Password form unavailable to logged in users, unless you can think of a reason they might need it.
No, I can't think of any reason why someone logged in would need it.

Equally however, I can't see how someone logged in would easily find that page unless they were determined to do so by logging out and then deliberately entering incorrect details, so I'm not sure it's an issue really.
 

James

Well-known member
#9
Personally I'd keep it and add some extra functionality to it. If you use it when you are logged in there's two reasons:
You're using an automated login and forget your password (or you logged in and forgot it - small chance)
You're trying to annoy other users.

In the event of the latter, if they are doing this whilst logged in and you send the username/userid in the e-mail, the recipient knows that it is an idiot and can report them to the appropriate member of staff.