Phil Boswell wrote:
Liking the new features, but the account creation
totally boggled me. I
entered my name, and my favourite "temporary" password, and clicked
"Create
new account". Without warning me, it sent me an email with a *new*
password.
The confusing thing is that it would seem that the system remembered the
password I had entered previously, so when I tried to change it from the
gash password from the email, it complained...I only found out by
trial and
error that my original password was operational.
Is this actually a change in policy or is this just how the test
system is
set up?
It's supposed to be an e-mail verification system, but it's pretty badly
broken and needs to be replaced with one that actually works in a
reasonable manner.
I've cleaned it up a bit to separate the email confirmation token from
the login password, as well as some general code cleanup backing that.
The user table has changed a bit, so those of you tracking CVS HEAD be
sure to run update.php.
-- brion vibber (brion @