5 posts Page 1 of 1
quick security improvement :mrgreen:
I would get rid of this message 'cause it lets anyone snooping immediately know who is registered! :o
Hi,

Not sure if you were referring to the forum or Couch itself.

In Couch, the exact message you see should be 'Invalid username or password'.
This is an intentionally generic message that is shown in several different conditions e.g.

a. User creds are inordinately long (likely a hacking attempt)
b. User does not exist
c. User exists but the password is wrong
d. Account is locked due to several consecutive failed logon attempts

As you can see, the message leaves ambiguity about the precise reason behind the failed logon.
This is in keeping with the suggested security measures.
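
The four conditions listed above collapsed into one user-facing response, as an added example that is not part of the original post and is not Couch's code. The function names, the length and lockout limits, and the use of PBKDF2 are assumptions made for illustration; the precise reason is returned separately for the server log only.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid username or password"
MAX_CRED_LEN = 256   # assumed limit for condition (a)
MAX_FAILURES = 3     # assumed lockout threshold for condition (d)


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password):
    """Build a constructed user record (hypothetical storage format)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "failures": 0}


# Dummy record: a lookup miss does the same hashing work as a real account,
# so response time does not reveal which usernames exist.
_DUMMY = make_user(os.urandom(16).hex())


def login(users, username, password):
    """Return (ok, message_for_user, reason_for_server_log)."""
    if len(username) > MAX_CRED_LEN or len(password) > MAX_CRED_LEN:
        return False, GENERIC_ERROR, "oversized_credentials"   # (a)
    user = users.get(username)
    record = user if user is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, record["salt"]),
                                  record["hash"])
    if user is None:
        return False, GENERIC_ERROR, "no_such_user"            # (b)
    if user["failures"] >= MAX_FAILURES:
        # Even the correct password gets the generic message while locked.
        return False, GENERIC_ERROR, "account_locked"          # (d)
    if not matches:
        user["failures"] += 1
        return False, GENERIC_ERROR, "wrong_password"          # (c)
    user["failures"] = 0
    return True, "Welcome", "ok"
```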
Use Notejam's reset password page to see the message appear on entering an invalid email :shock:
It is found in the Couch file couch/lang/EN.php; scroll to $t['no_such_user'] :mrgreen:
Unfortunately, while recovering a forgotten password (as opposed to at login, which I referred to in my previous post), not much can be done except candidly report when the email is not found.

Reporting anything else would only serve to confuse a user who has genuinely entered a wrong email (people, more often than not, have several addresses and don't recall which one was used to create the account at a particular site).

Even industry heavyweights like WordPress do exactly the same so, I suppose, this is not something terribly wrong.
cool :mrgreen: