Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author Rustaurius

    (@rustaurius)

    Hey Martin,

    The company that we worked with to implement the two-step forgot password system was concerned about security if a “no username” message came up whenever a username was entered that didn’t exist for a user.

    Basically, it could be used to find usernames by brute force entering random ones until there was a match, and then the login form could be used to brute force the password in the same way.

    We’ve added an attribute for the “forgot-password” shortcode, “ewd-feup-reveal-no-username”, if you set it to “Yes”, then a “no username exists” message will be displayed if there’s no username instead of the fake success message.

    Thread Starter Martin

    (@speechless)

    Allright ..
    You mean like this?

    [forgot-password reset_email_url=’confirm-forgot-password’ ewd-feup-reveal-no-username=’yes’]

    If so .. that doesn’t seem to work! The “proceed message” appears in case of writing an email address that doesn’t exist.

    / Martin

    Thread Starter Martin

    (@speechless)

    Also you need to add a labeling option for message that will appear so the admin can change it into their prefered language! =)

    Plugin Contributor etoilewebdesign

    (@etoilewebdesign)

    Hi Martin,

    I apologize for the confusion, but the shortcode attribute is just “reveal-no-username”. So, you would have to use something like this: [forgot-password reset_email_url=’confirm-forgot-password’ reveal-no-username=’yes’]

    Thread Starter Martin

    (@speechless)

    Hey!

    I copied the shortcake you wrote. It still doesn’t work.

    Plugin Contributor etoilewebdesign

    (@etoilewebdesign)

    Try it with underscores instead of dashes: [forgot-password reset_email_url=’confirm-forgot-password’ reveal_no_username=’Yes’]

    Thread Starter Martin

    (@speechless)

    Nope… Still the same!

    Plugin Contributor etoilewebdesign

    (@etoilewebdesign)

    Are you using the latest version of the plugin (2.8.3)?

    Thread Starter Martin

    (@speechless)

    Yes I am.. Since it was in that version you did the update?

    Plugin Contributor etoilewebdesign

    (@etoilewebdesign)

    Hi Martin,

    Could you provide a link to the page on which this isn’t working?

    Thanks

    Thread Starter Martin

    (@speechless)

    I’ll setup an account for you and will email the account info to your email as I send the translations to!

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘Forgotten password – suggestion’ is closed to new replies.