View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0020686||mantisbt||authentication||public||2016-03-11 03:59||2016-11-18 05:29|
|Target Version||1.3.0-rc.2||Fixed in Version||1.3.0-rc.2|
|Summary||0020686: Make sure new users complete the registration process|
The system allows new users to login to MantisBT without setting their password in the verification page.
|Steps To Reproduce|
1) After registering your username, click the verification link in your email.
|Tags||No tags attached.|
I was not able to reproduce your problem with a fresh install of the latest stable MantisBT release (1.2.19 at the moment).
If you are running an older version, I recommend that you upgrade to the latest (download from ). If after doing so the problem persists, do not hesitate to reopen the issue and provide detailed step-by-step instructions to reproduce the issue; the following additional information may also be useful:
I think the fix may be:
@cproensa, I checked 1.2.x and was not able to reproduce the issue.
I think this is not the best solution but acceptable, as the user can use the "Forgot password" link.
Now I checked also 1.3 and I am able to reproduce the steps that @monochrome entered.
After seeing this issue, I now understand most of the complaints that i get from new users about not being able to enter mantis, probably the second time they tried.
User receives the new user email, opens the link, and starts browsing the site right away. They didn't read the email that says that they should set the new password, neither did they read the warnings on the account page.
That's why is suggest that the password reset page be a dedicated page, where the only thing you can do is that!
Requesting the "forgot password" functionality, on a non confirmed new account, may become unavailable if we implement some of the proposals for not sending mail to unconfirmed accounts (for spam concerns)
MantisBT: master d7b8d33e
2016-05-14 12:26:34Details Diff
|Manage the password reset hash as a token
Refactor verify.php to be a not-logged-in page (like login_page.php), so
the only action the user can do is change the password, and not navigate
into the site.
If the user does not change the password and quits the page, the
activation token remains valid until the change is effectively done (or
the token times out)
Fixes 0020686, 0006009, https://github.com/mantisbt/mantisbt/pull/735
Note: I reworded and reformatted some of the original commit messages.
|mod - account_page.php||Diff File|
|mod - account_update.php||Diff File|
|mod - core/constant_inc.php||Diff File|
|mod - core/user_api.php||Diff File|
|mod - css/default.css||Diff File|
|mod - lang/strings_english.txt||Diff File|
|mod - lost_pwd.php||Diff File|
|mod - verify.php||Diff File|
MantisBT: master f7b11528
Committer: dregad Details Diff
|Remove old code from account_page
After the new functionality of verify.php page was implemented (see
issue 0020686), account_page is no longer included, and some old code can
|mod - account_page.php||Diff File|
|2016-03-11 03:59||monochrome||New Issue|
|2016-03-13 17:56||atrol||Assigned To||=> atrol|
|2016-03-13 17:56||atrol||Status||new => resolved|
|2016-03-13 17:56||atrol||Resolution||open => no change required|
|2016-03-13 17:56||atrol||Note Added: 0052763|
|2016-03-13 18:58||cproensa||Status||resolved => feedback|
|2016-03-13 18:58||cproensa||Resolution||no change required => reopened|
|2016-03-13 18:58||cproensa||Note Added: 0052764|
|2016-03-13 20:40||cproensa||Relationship added||related to 0006009|
|2016-03-14 07:36||atrol||Note Added: 0052765|
|2016-03-14 07:37||atrol||Status||feedback => confirmed|
|2016-03-14 07:37||atrol||Product Version||=> 1.3.0-rc.1|
|2016-03-14 07:49||cproensa||Note Added: 0052766|
|2016-03-14 15:31||atrol||Note Added: 0052773|
|2016-03-14 15:31||atrol||Assigned To||atrol => cproensa|
|2016-03-31 05:06||cproensa||Status||confirmed => assigned|
|2016-05-14 12:30||dregad||Changeset attached||=> MantisBT master d7b8d33e|
|2016-05-14 12:30||dregad||Assigned To||cproensa => dregad|
|2016-05-14 12:30||dregad||Status||assigned => resolved|
|2016-05-14 12:30||dregad||Fixed in Version||=> 1.3.0-rc.2|
|2016-05-14 12:36||dregad||Assigned To||dregad => cproensa|
|2016-05-14 12:36||dregad||Target Version||=> 1.3.0-rc.2|
|2016-05-14 12:36||dregad||Summary||Does not require to finish the registration. => Make sure new users complete the registration process|
|2016-05-14 12:36||dregad||Description Updated||View Revisions|
|2016-05-24 06:49||dregad||Changeset attached||=> MantisBT master f7b11528|
|2016-06-12 00:42||vboctor||Status||resolved => closed|
|2016-11-18 05:23||cproensa||Relationship added||duplicate of 0021929|
|2016-11-18 05:29||cproensa||Relationship replaced||has duplicate 0021929|