Maybe something like this:
def user():
form=auth()
if request.args(0)=='request_reset_password' and form.errors:
session.flash='If your user ID was found, we have sent you reset
details by email.'
redirect(URL('user',args='login'))
return dict(form=form)
Anthony
On Saturday, September 3, 2011 12:55:56 PM UTC-4, Dave H wrote:
>
> Hi, I'd like to customise the "reset password" part of the
> authentication module. At the moment, it tells you if you have entered
> an incorrect email address, and doesn't in fact try to send the email
> unless the user is found in the database. I'd like to change it so
> that if a valid email address is entered, it says something like
>
> "if your user was found, we have sent you reset details by email"
>
> so that someone couldn't discover if an email address was valid or not
> just by using the password reset function.
>
> I've tried to hook into the code using this:
>
> auth.settings.reset_password_onvalidation = my_onvalidation_function
> auth.settings.reset_password_onaccept = my_onaccept_function
>
> but it seems to do the email check before then. (the second line above
> actually gives an error and says the key doesn't exist).
>
> Is there any way to do this without subclassing the auth module?
>
> Any suggestions are greatly appreciated!
>
> Many thanks
> Dave
