[TYPO3-core] RFC: #10017: [felogin] New Method for "forgotPassword"

Tue Sep 1 17:31:54 CEST 2009

Hi Jeff,

thx for the review!

Jeff Segars schrieb:
> Code
> ====
> changePassword()
> * Update comments to reflect what the method actually does.
updated
> * $minLength is calculated twice...but is spelled right now ;)
deleted 2nd
> * *nitpick* Assign $subpartArray and $linkpartArray individually
there is no rule about that, so i didn't changed
> * *nitpick* Assign $done outside the else case
moved to begin of function
> 
> generateAndSendHash()
> * *nitpick* Maybe $user would be more descriptive than $row?
replaced $row with $user
> * $validEndString does not take Typoscript settings for dateFormat into 
> account
correct, use conf now
> * When calculating the link prefix, should the final fallback be using 
> TYPO3_SITE_URL rather than outputting an error message?
here i disagree. There are 3 possibilities to define the url: 
absRefprefix, baseURL or feloginBaseURL. If you miss all 3 the error 
will inform you about. Just blindly use TYPO3_SITE_URL can be wrong and 
noone notice, but the links won't work.
> * Unsetting notification_email_urlmode doesn't work when page.config is 
> set rather than the top-level config object. Same holds true for 
> baseURL, etc.
> 

good point. I examined and found some bug: absRefPrefix is already used 
by typolink, so if it's set there is no need to add a prefix.
For difference between config.baseURL and page.config.baseURL i now use 
the processed values
$GLOBALS['TSFE']->absRefPrefix
$GLOBALS['TSFE']->baseUrl
which takes both possibilities into account.
notification_email_urlmode only works in config, not page.config, that's 
what i read in code of TSFE

> Labels
> ======
> "Please enter your username or the email address stored in your account, 
> press "Send password", and your password will immediately be emailed to 
> you."
> * The password itself isn't actually emailed so we should probably 
> update this message.
> 
> "Dear username
> 
> to set a new password please visit this link:
> <link>
> 
> The link is only valid until 2009-09-01 02:55. If you do not visit the 
> link before then, you will have to repeat the forgot password procedure."
> * Maybe we should add a little description before the link that explains 
> someone is receiving this email because they filled out the forgot 
> password form. Using the real name rather than username when available 
> might be a nice touch too.
> 

feel free to give me a text update/addition, can be added as FYI ;)

> 
> Testing
> =======
> I think there's some kind of caching issue going on. When I start with 
> an empty cache and directly load the page with the forgot password form, 
> everything works as expected. If I load a page with the login box and 
> click the link to open the forgot password form, the form loads but 
> trying to submit the reminder form just reloads the original login form. 
> When I turn off caching on the page, all works as expected.
>

my testing had no problems with cache. I used it several time without 
clearing cache. But there is an open issue with cache i will recheck 
too. Anyway this issue doesn't affect tis patch.

Attached is a new version taking your and my points into account.

vg Steffen
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 10017_v9.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090901/dafc4936/attachment-0001.txt 