Hide a part of email in FrontEndUsers module in Forgot Password Template

Posted: Sat Mar 07, 2009 10:18 pm
by vilkis
If a hacker guesses a username in the FEU Forgot Password mode, he (she) can see the user's email. To prevent this while still letting the user see the email address to which a reminder was sent, one can show only a part of the email in Forgot Password mode:

Add a line in modules\FrontEndUsers\action.do_forgotpw.php

$email=substr($email,0,5)."...";//Vilkis code
before lines:

    $params['message'] = $this->Lang('info_forgotpwmessagesent',$email);
    $params['skipformdisplay'] = 1;
    $params['form'] = 'forgotpw';

    if( isset( $params['input_returnto'] ) )
      {
        $returnid = $params['input_returnto'];
      }
Vilkis
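
A variant of the masking line from the post above, as an added example that is not part of the original post or of the FrontEndUsers module: it compares the post's 5-character prefix with a mask that limits how much of the local part and domain is shown, so short addresses are not displayed in full. The helper name `mask_email()` and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example. mask_email() is a hypothetical helper, not a CMSMS/FEU function.
// It works on bytes, which is sufficient for ASCII addresses.

function mask_email($email, $visible = 2)
{
    $at = strrpos($email, '@');
    if ($at === false || $at === 0) {
        // No usable local part: show nothing at all.
        return '***';
    }
    $local  = substr($email, 0, $at);
    $domain = substr($email, $at + 1);

    // Show at most half of the local part, so a 3-character
    // mailbox name is never disclosed completely.
    $show = min($visible, (int) (strlen($local) / 2));
    $maskedLocal = substr($local, 0, $show) . '***';

    // Keep the first character of the domain and its last label;
    // the fixed-width mask does not reveal the real length.
    $dot = strrpos($domain, '.');
    if ($dot === false || $dot === 0) {
        $maskedDomain = '***';
    } else {
        $maskedDomain = $domain[0] . '***' . substr($domain, $dot);
    }

    return $maskedLocal . '@' . $maskedDomain;
}

// Constructed sample addresses, not real accounts.
$samples = array(
    'vilkis.example@example.org',
    'bob@example.com',
    'a@example.com',
    'not-an-email',
);

foreach ($samples as $email) {
    $prefix = substr($email, 0, 5) . '...';   // the line from the post
    printf("%-28s prefix: %-10s masked: %s\n", $email, $prefix, mask_email($email));
}
```

In `action.do_forgotpw.php` the call would take the place of the `substr()` line, i.e. `$email = mask_email($email);` before the `$params['message']` assignment.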