We've spoken before about doing work together on my web site. I'm ready to start with this task.
The "forgotten-password" function which is supposed to reset a user's access to Members Area would not check if the email entered is existing in the database and will send out reset-emails to any non-existent emails. This does not give the non-existing email access by receiving a reset email, but it's confusing for customers as it doesn't inform them that their email is non-existent.
User "john@[url removed, login to view]" has forgotten his password.
He goes to "Forgot password" link.
He enters another email he is using because he has forgotten that he signed up with john@[url removed, login to view], so he enters email@example.com.
The page will say "We've sent you a password rest email" and will send him a password reset email to the non-existing email john@[url removed, login to view] which will even allow him to open a reset link which does nothing.
If john@[url removed, login to view] enters proper email (john@[url removed, login to view]) then the password-reset link that he will receive works, so the function is working but is not checking if the email is present in SQL.
There will be more tasks after that, this is the first one.