Closed: tiefpunkt closed 10 years ago
Password changing is now possible since d62d521aee5734d2a54b96f5ee5bfe96efc3068c.
I recommend an additional field 'current password' for the change password dialog and the verification in the backend for security reasons. Also, for changing the email address, the current password should be required to prevent account hijacking caused by a stolen session ID.
Especially with browser sessions that are valid for 14 days, which is another minor security issue.
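One way the backend check recommended in the comment above could look, as an added example that is not part of the thread or the project's own code. The `user` and `session` dict layout, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SESSION_MAX_AGE = 14 * 24 * 3600  # the 14-day session lifetime mentioned in the thread
PBKDF2_ITERATIONS = 100_000       # assumed work factor for this sketch


class ReauthRequired(Exception):
    """Raised when a sensitive change is attempted without valid re-authentication."""


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(user, candidate):
    """Compare the candidate against the stored hash in constant time."""
    _, digest = hash_password(candidate, user["salt"])
    return hmac.compare_digest(digest, user["pw_hash"])


def make_user(uid, email, password):
    """Build a constructed sample user record (hypothetical schema)."""
    salt, digest = hash_password(password)
    return {"id": uid, "email": email, "salt": salt, "pw_hash": digest}


def change_credentials(user, session, current_password,
                       new_password=None, new_email=None, now=None):
    """Apply a password and/or email change only after backend re-authentication.

    A valid session alone is not enough: a stolen session ID fails the
    current-password check, so neither field can be changed with it.
    """
    now = time.time() if now is None else now
    if now - session["created"] > SESSION_MAX_AGE:
        raise ReauthRequired("session expired")
    if session["user_id"] != user["id"]:
        raise ReauthRequired("session does not belong to this user")
    if not verify_password(user, current_password):
        raise ReauthRequired("current password incorrect")
    if new_password is not None:
        user["salt"], user["pw_hash"] = hash_password(new_password)
    if new_email is not None:
        user["email"] = new_email
    return user
```
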
Page to edit user profile.
Might require additional fields for users.