Last modified: 2014-06-23 16:07:10 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T54839, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 52839 - 24 hour Reset password email lock should not be set if sending the email failed
Status: UNCONFIRMED
Product: MediaWiki
Classification: Unclassified
Component: Email
Version: 1.21.x
Hardware: All All
Importance: Low enhancement
Target Milestone: ---
Assigned To: Nobody - You can work on this!
Reported: 2013-08-14 11:01 UTC by Szikra István
Modified: 2014-06-23 16:07 UTC (History)

Description Szikra István 2013-08-14 11:01:29 UTC
Hi everyone!

We had some problem with our SMTP server, so after registering a new user an error message appeared "Error sending mail: failed to receive" (might not be the exact phrase). Tried another user's password reminder (reset) (which also failed).
Now the SMTP is fixed, but I cannot re-send the registration, or request password reset for these users, because: 
"A password reset email has already been sent, within the last 24 hours. To prevent abuse, only one password reset email will be sent per 24 hours."

No! It was not sent; it tried to send it and failed (which it showed in an error message).

Bug 1: Email lock should not be set if sending the email failed.

Even when I log in as admin, and request a reset the same message is displayed. (Actually the first one was in Hungarian "Már elküldtünk egy jelszóemlékeztetőt az utóbbi 24 órában. A visszaélések elkerülése végett 24 óránként csak egy jelszó-emlékeztetőt küldünk.")

Bug 2: Admins should be allowed to request password resets without any lockouts (be throttled).

Sorry if I should have created separate bug reports, or made some other mistake.

Additional details that might help:
message id: 'throttled-mailpassword' in languages\messages\MessagesEn.php
(and probably 'mailerror')

Now I'm trying to remove the lock in sql, reconfigure lockout period, or remove it temporarily from php... 
Good luck to us all!
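
The behaviour reported as Bug 1 above, next to a corrected ordering, as an added example that is not part of the original report and is not MediaWiki's code. The class `ResetThrottle`, its two methods, both constants and the five-minute backoff after a failed send are assumptions made for illustration.

```php
<?php
// Added illustration; class, method and constant names are hypothetical, not MediaWiki's.
// $mailer is any callable that returns true when the message was handed to SMTP.
const RESET_LOCK_SECONDS = 86400;     // the 24-hour window named in the throttle message
const FAILURE_BACKOFF_SECONDS = 300;  // assumption: short retry delay after a failed send

final class ResetThrottle {
    /** @var array<string,int> user name => time before which no new mail is sent */
    private array $lockedUntil = [];

    /** Behaviour the report describes: the lock is recorded even when the send fails. */
    public function requestLockFirst(string $user, callable $mailer, int $now): string {
        if (($this->lockedUntil[$user] ?? 0) > $now) {
            return 'throttled';
        }
        $this->lockedUntil[$user] = $now + RESET_LOCK_SECONDS;
        return $mailer($user) ? 'sent' : 'mailerror';
    }

    /** Corrected ordering: the 24-hour lock is recorded only after a successful send. */
    public function requestLockOnSuccess(string $user, callable $mailer, int $now): string {
        if (($this->lockedUntil[$user] ?? 0) > $now) {
            return 'throttled';
        }
        try {
            $sent = (bool) $mailer($user);
        } catch (Throwable $e) {
            $sent = false; // a transport exception counts as a failed send
        }
        // A failed send still gets a short backoff so a broken relay is not hammered.
        $this->lockedUntil[$user] = $now + ($sent ? RESET_LOCK_SECONDS : FAILURE_BACKOFF_SECONDS);
        return $sent ? 'sent' : 'mailerror';
    }
}

// Constructed scenario: SMTP is down at t=0 and repaired ten minutes later.
$smtpDown = fn(string $user): bool => false;
$smtpUp   = fn(string $user): bool => true;

$lockFirst = new ResetThrottle();
echo $lockFirst->requestLockFirst('ExampleUser', $smtpDown, 0), "\n";   // request while SMTP is down
echo $lockFirst->requestLockFirst('ExampleUser', $smtpUp, 600), "\n";   // retry after the repair

$lockOnSuccess = new ResetThrottle();
echo $lockOnSuccess->requestLockOnSuccess('ExampleUser', $smtpDown, 0), "\n";  // request while SMTP is down
echo $lockOnSuccess->requestLockOnSuccess('ExampleUser', $smtpUp, 600), "\n";  // retry after the repair
echo $lockOnSuccess->requestLockOnSuccess('ExampleUser', $smtpUp, 700), "\n";  // immediate second request
```

With the first object the retry after the repair is refused for an email that never left the server; with the second the retry is delivered and only then does the 24-hour window start.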

Comment 1 Andre Klapper 2013-08-14 12:02:58 UTC
Thanks for taking the time to report this!
I am not sure if this is technically doable.

> Sorry if I should have created separate bug reports

Yes, these are two different requests. :)

Comment 2 patelmm79 2014-01-09 16:43:00 UTC
This 24 hour reset password lock is a pain.  I've had multiple instances in which the end user did not receive the password via mail, but I as an administrator cannot take further actions to provide access in a timely manner. This will tend to erode confidence in the product amongst both administrators and end users.  There must be another way to handle password resets in a secure manner...
