BTW, this is important and something I just remembered from when I did this myself. A blank search will match every entry in the db, therefore, if someone tries to request a password and leaves all of the criteria blank, IC will send every user in the system their username andpassword...[comment]Avoid empty searchspec[/comment] [bounce href="[area login]" if=`!$CGI_array->{mv_searchspec}->[1]`] Note that this code will probably break for you. It works for me because I modified the password retrieval to only use the email address. You will likely need to check more than one variable. Peter
Sorry, i forgot to answer you.I'm in the same situation as you, i modified password retrieval to only use email address too.
Thank you for telling me this story. In fact i've "solved" it. I've put this code back : [if value mv_search_match_count > 3] Too much answer, <a href='[area contact]'>contact us</a>. [set get_id_matches][/set] [/if]Checking if mv_searchspec is not blank is a good idea, but if someone look at a popular ISP, example aol.com, then you will send password retrieval to all your customers with an aol mail...
This not very good too... :(For the moment, limiting process to all searches with less than 4 matches is my best workaround.
-- David Bordas / Testadaz.com --------------------------------------------------------------------- http://www.testadaz.com : commandez les produits du terroir auvergnathttp://www.testadaz.com/blog : Le blog du terroir cantalien ---------------------------------------------------------------------
_______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.