It uses one field, not both.  If you want it to use the email address,
do not fill in the username.

On Mon, Feb 23, 2015 at 8:19 AM, Rowe, Dolores A
<dolores.a.r...@boeing.com> wrote:
> Shouldn't it be able to use the email address I have just filled in to send
> the user a new password, even if that user had not filled out their email
> address in their particular profile?

That would allow you to hijack any account by simply supplying your
own email address to the form.

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
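
The rule discussed in this thread, as an added example that is not part of the original messages and is not MediaWiki's code: a reset form that uses one field, not both, and only ever mails the address stored in the profile, shown beside the behaviour the question asked for. The account records, function names and the case-insensitive email match are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Account:
    username: str
    email: Optional[str]  # address stored in the profile; None if never set


# Constructed sample accounts (not real data).
ACCOUNTS = [
    Account("Alice", "alice@example.org"),
    Account("Bob", None),  # never filled in an email address
    Account("Carol", "shared@example.org"),
    Account("Dave", "shared@example.org"),
]


def reset_targets(accounts, username="", email=""):
    """Return (username, address) pairs a reset mail may be sent to.

    One field is used, not both: a non-empty username wins and the typed
    email is ignored. With no username, the typed email is only a lookup
    key. The destination is always the address stored in the profile.
    """
    username, email = username.strip(), email.strip()
    if username:
        matches = [a for a in accounts if a.username == username]
    elif email:
        matches = [a for a in accounts
                   if a.email and a.email.lower() == email.lower()]
    else:
        matches = []
    # Accounts with no stored address cannot be reset by mail at all.
    return [(a.username, a.email) for a in matches if a.email]


def unsafe_reset_targets(accounts, username="", email=""):
    """The behaviour asked about: mail whatever address was typed in."""
    return [(a.username, email.strip()) for a in accounts
            if a.username == username and email.strip()]


def respond(targets):
    """Same message whether or not anything matched, so the form does not
    reveal which usernames or addresses exist (assumed policy)."""
    return "If the details match an account, a reset email has been sent."
```

With the constructed data, a request for "Bob" plus a foreign address yields no recipient under reset_targets, while unsafe_reset_targets would mail Bob's reset to that foreign address.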
