From 1d5856cfe64e778c70fece0d08d36f153be16600 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Fri, 14 Jul 2006 13:05:48 +0200
Subject: two-stage password reset

This patch changes the password reset function to a two-stage process.
After requesting a new password a confirmation email is sent first, only
if the link contained in this mail is used the password is changed for real.

This makes sure malicious people can't reset passwords for other users.

darcs-hash:20060714110548-7ad00-c1e23fd51cc2d2f16473914421ebe0f9c3b2ba8c.gz
---
 conf/dokuwiki.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'conf/dokuwiki.php')

diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php
index dbba11efc..48f33a940 100644
--- a/conf/dokuwiki.php
+++ b/conf/dokuwiki.php
@@ -59,7 +59,7 @@ $conf['passcrypt']   = 'smd5';           //Used crypt method (smd5,md5,sha1,ssha
 $conf['defaultgroup']= 'user';           //Default groups new Users are added to
 $conf['superuser']   = '!!not set!!';    //The admin can be user or @group
 $conf['profileconfirm'] = '1';           //Require current password to confirm changes to user profile
-$conf['disableactions'] = 'resendpwd';   //comma separated list of actions to disable
+$conf['disableactions'] = '';            //comma separated list of actions to disable
 
 /* Advanced Options */
 $conf['userewrite']  = 0;                //this makes nice URLs: 0: off 1: .htaccess 2: internal
-- 
cgit v1.2.3