This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.
FS#2533 Resend Password - Token not valid
ACL & Authentication
When requesting a new password an email is send to the users email adress containing a link to confirm that a new password has been requested. This link contains a md5 hash as "token".
Internaly a file with the username is saved in the cache directory named "token".pwauth
For some reasons the token in the link and the name of the pwauth file differs because the token in the link has a prefix "3D" (e.g. 3Da2199cbdc47df412f23b915fe6760be1 != a2199cbdc47df412f23b915fe6760be1).
The function act_resendpwd is filtering the capital D but not the leading "3". So there's a mismatch and a new password will not be send.
Only tested on Windows NT 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586, PHP Version 5.3.9 (MSVC9, CGI/FastCGI)
Quick solution for me is adding a
$token = substr($token, 1);
in function act_resendpwd after the token has been filtered by the regexp.
Most probably a problem with quote_printable encoding. Should be fixed with the new Mailer class.