[TYPO3-core] RFC: #10017: [felogin] New Method for "forgotPassword"

Jeff Segars jsegars at alumni.rice.edu
Mon Aug 31 22:12:08 CEST 2009 

Hey Steffen,
I spent some time reviewing and testing the patch today and have some 
comments. Most of my comments from reading are really minor nitpicks but 
I did encounter a few bugs reading and testing.

Code
====
changePassword()
* Update comments to reflect what the method actually does.
* $minLength is calculated twice...but is spelled right now ;)
* *nitpick* Assign $subpartArray and $linkpartArray individually
* *nitpick* Assign $done outside the else case

generateAndSendHash()
* *nitpick* Maybe $user would be more descriptive than $row?
* $validEndString does not take Typoscript settings for dateFormat into 
account
* When calculating the link prefix, should the final fallback be using 
TYPO3_SITE_URL rather than outputting an error message?
* Unsetting notification_email_urlmode doesn't work when page.config is 
set rather than the top-level config object. Same holds true for 
baseURL, etc.

Labels
======
"Please enter your username or the email address stored in your account, 
press "Send password", and your password will immediately be emailed to 
you."
* The password itself isn't actually emailed so we should probably 
update this message.

"Dear username

to set a new password please visit this link:
<link>

The link is only valid until 2009-09-01 02:55. If you do not visit the 
link before then, you will have to repeat the forgot password procedure."
* Maybe we should add a little description before the link that explains 
someone is receiving this email because they filled out the forgot 
password form. Using the real name rather than username when available 
might be a nice touch too.


Testing
=======
I think there's some kind of caching issue going on. When I start with 
an empty cache and directly load the page with the forgot password form, 
everything works as expected. If I load a page with the login box and 
click the link to open the forgot password form, the form loads but 
trying to submit the reminder form just reloads the original login form. 
When I turn off caching on the page, all works as expected.

Thanks for all the work on this feature! I'm of course happy to help 
with any labels and the minor cleanups mentioned above.

Jeff

More information about the TYPO3-team-core mailing list