[FEATURE] More detailed felogin password reset error messages
authorLucas Jenss <lucas@x3ro.de>
Sat, 12 Nov 2011 16:34:48 +0000 (17:34 +0100)
committerSteffen Ritter <info@rs-websystems.de>
Mon, 13 Feb 2012 08:01:53 +0000 (09:01 +0100)
Allows a more explicit error message to be displayed, if the entered
account was not found.

The previous mechanism displayed a generic error message regardless of a
correct account name. The new mechanism allows a distinct error message
if the account was not found. This can be enabled by setting
"exposeNonexistentUserInForgotPasswordDialog" to 1 (default is 0).

If enabled, instead of always displaying the message that an email was
sent, the user gets feedback that the account does not exist.

Change-Id: I8d8ad52bf12938645bb9b144872ec64f92f875d0
Resolves: #23199
Releases: 4.7
Reviewed-on: http://review.typo3.org/6649
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Philipp Gampe
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
typo3/sysext/felogin/ext_typoscript_setup.txt
typo3/sysext/felogin/pi1/class.tx_felogin_pi1.php
typo3/sysext/felogin/pi1/locallang.xlf

index 35821ba..ef723a1 100644 (file)
@@ -127,6 +127,9 @@ plugin.tx_felogin_pi1 {
        showLogoutFormAfterLogin =
        
        dateFormat = Y-m-d H:i
+
+       # Expose the information on whether or not the account for which a new password was requested exists. By default, that information is not disclosed for privacy reasons.
+       exposeNonexistentUserInForgotPasswordDialog = 0
 }
 
 plugin.tx_felogin_pi1._CSS_DEFAULT_STYLE (
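Review bot: The comment above `exposeNonexistentUserInForgotPasswordDialog = 0` mentions only "privacy reasons", which undersells what an integrator accepts by setting it to 1. With the option on, the forgot-password form confirms to any visitor whether a given username or email address belongs to an account. I would say so in the comment, for example `# Setting this to 1 lets any visitor check whether an account exists (account enumeration); keep 0 unless the form is rate-limited or otherwise protected.`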
index 440de2c..8f05294 100644 (file)
@@ -195,10 +195,14 @@ class tx_felogin_pi1 extends tslib_pibase {
                                        $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
                                }
 
+                               $error = NULL;
                                if ($row) {
-                                                       // generate an email with the hashed link
-                                               $error = $this->generateAndSendHash($row);
+                                               // generate an email with the hashed link
+                                       $error = $this->generateAndSendHash($row);
+                               } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
+                                       $error = $this->pi_getLL('ll_forgot_reset_message_error');
                                }
+
                                        // generate message
                                if ($error) {
                                        $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
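Review bot: The `if ($row)` branch still passes the return value of `generateAndSendHash($row)` into `###STATUS_MESSAGE###`. That method is defined outside this hunk, so confirm that it cannot return a non-empty string for an existing account; if it can, the default setting 0 would still show a different response for existing and missing accounts. If it can fail visibly, consider showing that error only when the option is enabled and falling back to the generic "email sent" text otherwise. The new `elseif` also tests the TypoScript value by plain truthiness, so a value such as `false` or `no` would enable disclosure. A stricter check like `} elseif (intval($this->conf['exposeNonexistentUserInForgotPasswordDialog']) === 1) {` keeps the privacy-preserving behaviour unless the integrator sets exactly 1. The enclosing method starts and ends outside this hunk.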
index 8691a77..7befe84 100644 (file)
@@ -129,6 +129,9 @@ For security reasons, this link is only active until %s. If you do not visit the
                        <trans-unit id="ll_forgot_reset_message_emailSent" xml:space="preserve">
                                <source>An email has been sent to the address stored in your account and contains a link to reset your password. If you do not receive an email, your account or email address was not found.</source>
                        </trans-unit>
+                       <trans-unit id="ll_forgot_reset_message_error" xml:space="preserve">
+                               <source>Your account or email address does not exist.</source>
+                       </trans-unit>
                        <trans-unit id="ll_forgot_header_backToLogin" xml:space="preserve">
                                <source>Return to login form</source>
                        </trans-unit>