View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0026884||mantisbt||administration||public||2020-04-15 18:34||2021-03-07 18:29|
|Target Version||2.25.0||Fixed in Version||2.25.0|
|Summary||0026884: Misleading e-mail notification following password reset by admin|
When a user's password is reset by an administrator - either via manage_user_reset.php page, or with REST API (since 0026632), they are sent the following notification by e-mail:
That message only makes sense when using the Lost password functionality. In the context of a password reset by an admin, it is misleading, for the following reasons
A specific notification text should be used for the password reset by admin case.
|Tags||No tags attached.|
MantisBT: master e118e8e8
2020-04-15 19:36:40Details Diff
|Specific notification for password reset by admin
The email notification sent when password is reset by an administrator
was misleading, implying that it can be ignored when in fact it should
not as the password has effectively been changed to a random one. If the
user does not reset their password, they will not be able to login.
This commit avoids confusion caused by the misleading message, by
sending a specific notification for password resets by admin.
A new $p_reset_by_admin optional parameter, defaulting to false, was
added to email_send_confirm_hash_url() function, allowing it to be used
for resets by user (lost password feature) also.
|mod - core/email_api.php||Diff File|
|mod - core/user_api.php||Diff File|
|mod - lang/strings_english.txt||Diff File|