Hi All,
Not sure I'm posting this in the right place but I think I found a bug in the 1.0 captcha.
The onBeforeNewPassword function requires the security code to be posted even if you set the param to not use captcha on the lost pass form.
Looks like the fix is to add this after line 136
[code:1]$params = $this->params;
if (!$params->get('captchaNewPassword',1)) {
return;
}
[/code:1]
I downloaded this a plugin a few months ago not sure if it has been corrected yet the file version says
* @version $Id: captcha.php 396 2006-08-24 14:16:31Z beat $