author | Bharat Mediratta <bharat@menalto.com> | 2009-05-13 00:47:20 +0000 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2009-05-13 00:47:20 +0000 |
commit | 4093315390c04836d386bfd16881fd40dc199000 (patch) | |
tree | d926558e3e68c8f21f0a80ae2ea0597f39cc2ef6 | |
parent | 7008bfb5c3b0654d7d25b2e0d0d53d09e4431c0c (diff) |
Log password reset attempts. Fixes ticket #251.
-rw-r--r-- | modules/user/controllers/password.php | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 2415d6a1..81bc6e12 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -70,14 +70,16 @@ class Password_Controller extends Controller {
 ->message($message->render())
 ->send();
- message::success(t("Password reset email sent"));
- print json_encode(
- array("result" => "success"));
+ log::success("user", "Password reset email sent for user $user->name");
 } else {
- print json_encode(
- array("result" => "error",
- "form" => $form->__toString()));
+ // Don't include the username here until you're sure that it's XSS safe
+ log::warning(
+ "user", "Password reset email requested for bogus user");
 }
+
+ message::success(t("Password reset email sent"));
+ print json_encode(
+ array("result" => "success"));
 }
 private function _reset_form() {
|
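Review bot: The `log::success` line interpolates `$user->name` into the log message, while the comment in the `else` branch says the username is not yet known to be XSS-safe in log output; a stored user name presumably reaches the same log rendering, so the same caution applies unless `log::` or the log viewer escapes it (not visible here). If it does not, escape at the call site, e.g. `log::success("user", "Password reset email sent for user " . htmlspecialchars($user->name, ENT_QUOTES, "UTF-8"));`. The bogus-user warning records nothing an operator could correlate, such as the source address, which limits its value for noticing enumeration or reset flooding. The response body is now the same for both branches, but only the valid branch sends mail, so response time may still differ between known and unknown names; queuing the mail instead of sending it inline would narrow that gap. The enclosing method starts before the hunk, so how `$user` is looked up is not visible here.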