Re: Problems to login with 1.0.9 version
by saidbakr » Fri Jun 26, 2009 9:42 am
Hello,
Until now I have not deeply analysed the problem. However, according to your suggestion that relates the problem to the JavaScript files (*.js), I would suggest trying to log in using another web browser.
If the problem really is related to JavaScript, this will mean it is a client-side dependent problem, so using another browser may be a temporary solution.
++++++++++++++++
Again! I have just made an initial analysis of the problem and it may be due to a security bug!
The lost password mechanism follows a wrong behavior. It just requires the user's email to be supplied in the field and then the password is automatically changed, then it will be sent to your email. In this case, if your email service provider works fine, the email sent with your new password may get lost! This simply means that anyone is able to partially hijack the user's account by knowing his registered email and so prevent him from logging in to his account.
I've done an experiment using two email addresses, one uses gmail.com and the other uses yalla.com. Of course Gmail is better and more powerful than yalla.com, so I received the email with the new password and everything went well, but yalla.com lost the email!
The lost password mechanism should be changed so that there is no change to the password without the user's confirmation code.
At the current time I do not have enough background about the script or even the skills to do such a modification. We just need to ask Arf to cover it in the upcoming version or release a patch for it.
Best Regards,
, just another customized Arfooo directory.
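
The confirmation-code flow the post asks for, as an added example that is not part of the original post and is not Arfooo's code. The class `PasswordReset`, its method names, the one-hour expiry and the in-memory arrays standing in for database tables are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not Arfooo code. Arrays stand in for the user and token tables.
final class PasswordReset
{
    private array $users = [];  // email => password hash
    private array $tokens = []; // email => ['hash' => sha256(code), 'expires' => unix time]

    public function addUser(string $email, string $password): void
    {
        $this->users[$email] = password_hash($password, PASSWORD_DEFAULT);
    }

    // Step 1: issue a confirmation code. The stored password is not touched,
    // so a lost e-mail or a request made by someone else locks nobody out.
    public function requestReset(string $email, int $now): ?string
    {
        if (!isset($this->users[$email])) {
            return null; // caller shows the same message for known and unknown addresses
        }
        $code = bin2hex(random_bytes(32));
        $this->tokens[$email] = ['hash' => hash('sha256', $code), 'expires' => $now + 3600];
        return $code; // mailed to the registered address only
    }

    // Step 2: change the password only when the mailed code is presented.
    public function confirmReset(string $email, string $code, string $newPassword, int $now): bool
    {
        $entry = $this->tokens[$email] ?? null;
        if ($entry === null || $now > $entry['expires']
            || !hash_equals($entry['hash'], hash('sha256', $code))) {
            return false;
        }
        unset($this->tokens[$email]); // single use
        $this->users[$email] = password_hash($newPassword, PASSWORD_DEFAULT);
        return true;
    }

    public function login(string $email, string $password): bool
    {
        return isset($this->users[$email]) && password_verify($password, $this->users[$email]);
    }
}
// Constructed demo data: request a reset, then try a wrong code and the mailed code.
$r = new PasswordReset();
$r->addUser('user@example.com', 'old-secret');
$code = $r->requestReset('user@example.com', time());
var_dump($r->login('user@example.com', 'old-secret'));                       // login after request
var_dump($r->confirmReset('user@example.com', 'guess', 'attacker', time())); // wrong code
var_dump($r->confirmReset('user@example.com', $code, 'new-secret', time())); // mailed code
```

Only the SHA-256 hash of the code is stored, so a leaked token table does not hand out usable reset codes.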