Changes between Version 1 and Version 2 of EmailChangeNotification


Ignore:
Timestamp:
Apr 5, 2018, 10:20:38 AM (6 years ago)
Author:
Ageless
Comment:

twice a valid token, twice a different outcome. making one token invalid

Legend:

Unmodified
Added
Removed
Modified
  • EmailChangeNotification

    v1 v2  
    1818The system will also set the user.email_addr field to the new email address, rehash the password and put the old email address into the user.previous_email_addr and set the user.email_addr_change_time to unix_timestamp().
    1919
    20 When the user clicks on the link then they be sent to a page that verifies the token.  If the token is valid, then the user will be informed that they need to provide a new password and that after submission their password will be updated and the email address will be reverted to the previous email address.  If the token is valid (it will be submitted as a hidden field), then user.email_address will be assigned the value from user.previous_email_address and user.email_addr_change_time will be set to 0.
     20When the user clicks on the link then they be sent to a page that verifies the token.  If the token is invalid, then the user will be informed that they need to provide a new password and that after submission their password will be updated and the email address will be reverted to the previous email address.  If the token is valid (it will be submitted as a hidden field), then user.email_address will be assigned the value from user.previous_email_address and user.email_addr_change_time will be set to 0.
    2121
    2222If the user attempts to visit the change email address screen while user.email_addr_change_time is within 7 days, then they will be informed that they can only change their email address once every 7 days.