phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0017027phplist applicationSecuritypublic20-01-14 21:0315-02-14 13:10
Reporteralpha1 
PriorityimmediateSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version3.0.5 
Target Version3.0.6Fixed in Version3.0.6 
Summary0017027: Creating new Admin, leaves admin without password
Description3.0.5
Creating a new admin, does not allow a password to be imputed.
This allows the new user (which can be a super admin) to log in with no password.

Password cannot be reset by editing admin or requesting a fogotten password email. Both result in this error "Error sending password change token"

Steps To ReproduceInstall 3.0.5
Config->Manage Administrators->Add New Admin->
Add a username and email
if you want make them a super admin. Give it privileges if you want, i gave them all 4 checkboxed.
Logout.

Login with the user's name and no password. You now have full access
Additional Informationin extended_config:
$require_login = 1;
define("ASKFORPASSWORD",0);
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0052588)
michiel (manager)
21-01-14 00:58


The idea is that on creation of an admin the change password email is sent. But if that fails, then yes, it should not be possible to login.

Will be good to verify that.
(0052591)
alpha1 (reporter)
21-01-14 14:26

Yep that's exactly it, i had a typo in my smtp server which prevented it from sending.
(0053040)
michiel (manager)
15-02-14 13:10

rev 4329


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker