emmachughes
commented
3 weeks ago The prefilled password is fixed in https://github.com/cerpus/Edlib3/commit/dceaaab97b7548a697cca423b5787325bc967a01
Open chrieinv opened 1 month ago
emmachughes
commented
3 weeks ago The prefilled password is fixed in https://github.com/cerpus/Edlib3/commit/dceaaab97b7548a697cca423b5787325bc967a01
In the My Account page, changing the name, or email, cannot be performed without the password fields being set to the same value. The form opens with Password filled in, and Confirm password blank. You either have to enter your password in the Confirm password, or clear the Password field. If clearing the Password field your password will be set to an empty string and you won't be able to log in since the Password field when logging in cannot be empty.
Making the user enter password when changing name is a bit excessive, but not when changing email. If confirmation when changing password and/or email is needed, it should be by using the old password, The user should not be permitted to set an invalid password making the user unable to log in afterword. When password is changed a information email should be sent. When changing email a information/confirmation email should be sent to both old and new email.