Hi, I'd like to customise the "reset password" part of the authentication module. At the moment, it tells you if you have entered an incorrect email address, and doesn't in fact try to send the email unless the user is found in the database. I'd like to change it so that if a valid email address is entered, it says something like
"if your user was found, we have sent you reset details by email" so that someone couldn't discover if an email address was valid or not just by using the password reset function. I've tried to hook into the code using this: auth.settings.reset_password_onvalidation = my_onvalidation_function auth.settings.reset_password_onaccept = my_onaccept_function but it seems to do the email check before then. (the second line above actually gives an error and says the key doesn't exist). Is there any way to do this without subclassing the auth module? Any suggestions are greatly appreciated! Many thanks Dave
