We seem to have a problem with retrieving user passwords using the forgot password system
This only happens when trying to use the password recovery from the first screen that forces people to log in with the following syntax:
Protect selection page = 1
Password file = XXXXX
On the first page of our elog which can be found at
http://physics.uj.ac.za/elog/
Now currently there is one page that is viewable by guests, so going to this direct link, bypasses the login at the main page
If you try login from this page, and then use the forgot password link, the email that gets sent through will then work.
The first email that gets sent through using the main login page has the following link:
https://physics.uj.ac.za/elog/?redir=%3Fcmd%3DChange+password%26oldpwd%3DYJAATGHSIRRSBLLP&uname=Tester&upassword=YJAATGHSIRRSBLLP
When clicking on the above link normally, it takes you to a NULL user
The email link that gets sent from the guest page, that works, looks like this:
https://physics.uj.ac.za/elog/General/?redir=%3Fcmd%3DChange+password%26oldpwd%3DSACWEHJWWHKEXLMO&uname=Tester&upassword=SACWEHJWWHKEXLMO
Attached is a copy of the cfg file. The last few logbooks are all actually just copies of TEMPLATE A, so I have removed all their details to make the file easier to read for now
|