I have noticed that when trying to reset my password using the standard lost password form, the email address is case sensitive to the one stored in the database.
This is not the case for a username reminder and that works as it should, only when just password is ticked and it's asking for username and email is this a problem.
After some digging around in the core files I believe I've found the problem.
The script below is in the site comprofiler.php in the sendNewPass function.
if ( $usernameExists ) {
$foundUser = $user->loadByUsername( $checkusername );
if ( $foundUser && ( $user->email != $confirmEmail ) ) {
$foundUser = false;
}
} else {
$foundUser = $user->loadByEmail( $confirmEmail );
}
When both email and username are entered, it goes into the top if statement and then checks that the $confirmEmail is equal to $user->email. This is case sensitive and if the email you entered does not match the one in the database exactly, it returns false.
This can be fixed by converting both $confirmEmail and $user->email to uppercase/lowercase before being compared, however I don't want to edit the core files as it will be reset with updating.
Please add this fix to a upcoming release,
Thanks.
krileon
