Just an update to where i am at with this problem:
he redirect url generated by the forgotpassword behaviour is adding an & to the url insead of adding a ?
&EmailFail=true
should be
?EmailFail=true
this is why is generating an internal server errror
i am using the framework and all the pages are loaded in via an index.php page
using a $_GET['page'] variable to determine which page to load in.
i am also using an .htacess file to make my urls pretty.
so instead of havinghttp://www.albionwineshippers.co.uk/access/index.php?page=forgotpassword
i have http://www.albionwineshippers.co.uk/access/forgotpassword/
just as a test i edited the webassist/security_assist/helper_php.php page
and change the following lines:
if ($WA_UserFound) {
$WA_Auth_Parameter["failRedirect"] = ((strpos($WA_Auth_Parameter["failRedirect"], '?') === false)?"?":"&")."EmailFail=true";
} else {
$WA_Auth_Parameter["failRedirect"] = ((strpos($WA_Auth_Parameter["failRedirect"], '?') === false)?"?":"&")."notFound=true";
}
to:
if ($WA_UserFound) {
$WA_Auth_Parameter["failRedirect"] = ((strpos($WA_Auth_Parameter["failRedirect"], '?') === false)?"?":"[red]?[/red]")."EmailFail=true";
} else {
$WA_Auth_Parameter["failRedirect"] = ((strpos($WA_Auth_Parameter["failRedirect"], '?') === false)?"?":"[red]?[/red]")."notFound=true";
}
this fixes the internal server error, but the actual request password still fails (it uses the EmailFail parameter), the email address is in the database (i have checked the record exists) so why its failing i do not know, i can even log-in with it.
this is the next problem to solve.