Passwort reminder is not sent if user disables email in settings

Hello Alex, I can't replicate it, email with password reset link is being delivered even if email is disabled in user settings.

Just to be sure, are you talking about the case when user has forgotten the password, then (s)he clicks on "lost username/password" link, fills in username or email and gets an email with password reset link? Which version of Mahara do you use?

Hi Ruslan,
yes that's exactly what I'm talking about. Did you set Email to "disabled" in your settings? I'm running Mahara 1.3.3 and can replicate the bug.
Here's what Mahara says:
"Sorry, email is disabled for the email address or username you entered. Please contact an administrator to reset your password."

I see what you mean, did not realise at the first glance that it is a feature request, not a bug. It might worth implementing what you request. Let us see what Andrew, the author or "mail disabling" feature, thinks.

Hmmm. All e-mail is handled by the email_user function in lib/user.php. If e-mail is disabled, an exception is thrown (EmailDisabledException). There's only one check for disabled e-mail so it would be relatively easy to bypass this check.

The question is how best to do so. We could add a parameter to the email_user() function to ignore disabled e-mail and this may be the best method. It'd then be a case of modifying the call to email_user in forgotpass.php->forgotpass_submit(). It'd be pretty easy, but it'd be adding (yet) more parameters to the email_user function. However, I can't think of a better way to do so right now.

Ahh. Rather than adding another parameter, we could add a variable to $user (after it's selected from the database) such that:

forgotpass.php->forgotpass_submit we set
$user->ignoredisabled = true;
after $user is pulled from the database and before it's passed to email_user

In email_user we modify the can_receive_email line to read:
if ($userto->ignoredisabled && !$mailinfo = can_receive_email($userto)) {

The latter solution sounds good to me. Will you push the change?

I'm going to push this with a tidy up - removing the catching of the EmailDisabledException in forgotpass and removing the language string relating to this. Probably get around to finishing it this afternoon.

I don't think that it makes sense to make this a configuration option, but I wonder whether perhaps we should warn whether e-mail is disabled. The concept of disabling e-mail was added for the purposes of VERP so that a user with an invalid e-mail address would have their account automatically disabled when >=20% of sent e-mail had bounced. As a result, the user may get somewhat confused when they request a password reset, but it never arrives because, for whatever reason, their e-mail bounces.

I've pushed a fix which warns a user if the recipient address is over the bounce threshold but attempts to send the e-mail even if e-mail has been disabled.