XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. Xoops Development / 
  3. Xoops Bug Reports 
  4.  / Lost Password Confirmation Emails
Register
1
EugeneP
Lost Password Confirmation Emails

  • 2005/9/15 10:02

  • EugeneP

  • Just popping in

  • Posts: 4

  • Since: 2005/9/15


It is not actually a bug, but a place that causes inconveniences.
It the first phase of `forgot password` process a user who requested his password get a confirmation email with a link to activation page.

Why this link is without the domain name where XOOPS is intalled? I use version 2.2.2

I made a simple fix to this::

mainfile.php

// XOOPS Virtual Path (URL)
// Virtual path to your main XOOPS directory WITHOUT trailing slash
// Example: define('XOOPS_URL', '/xoops');
define('XOOPS_URL', '/xoops');

// XOOPS Domain
// The URL of domain where XOOPS is intalled
// Example: http://www.your.domain.name
define('XOOPS_DOMAIN', 'www.your.domain.name');

and than in lostpass.php

line 81: $xoopsMailer->assign("NEWPWD_LINK", "http://".XOOPS_DOMAIN.XOOPS_URL."/lostpass.php?email=".$email."&code=".$areyou);

I suppose that is not so trivial. Why a user should get an email without full link to the activation page? Or maybe I have some incomplete version of xoops?
2
Dave_L
Re: Lost Password Confirmation Emails

  • 2005/9/15 11:06

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


In mainfile.php, XOOPS_URL should be an absolute URL, not a relative URL.

Example:
define('XOOPS_URL', 'http://example.com/xoops');

Then your change is not needed.
3
EugeneP
Re: Lost Password Confirmation Emails

  • 2005/9/15 12:12

  • EugeneP

  • Just popping in

  • Posts: 4

  • Since: 2005/9/15


As far as I know, these pre-defined contants are written into mainfile.php by installation script. I just have not changed anything while installing.
You say that this constant can be changes safely by adding domain name to it and everything will work?
4
Dave_L
Re: Lost Password Confirmation Emails

  • 2005/9/15 12:20

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


Maybe you provided the wrong URL, or XOOPS incorrectly determined the URL, when you installed XOOPS.

I recommend editing mainfile.php and making the change I indicated above.

I don't know anything about your server configuration or what customizations you've made, and cannot guarantee everything will work correctly.

Doing a backup first is always a good idea, so if the change causes problems, you can revert to your previous configuration.
5
dean_collins
Re: Lost Password Confirmation Emails

did this problem get fixed yet as it is causing problems for my users (FFS how dumb do you have to be to loose a password) inevitably they end up emailing me the password email and I just copy out the unique url onto the fqdn and click it myself but it should be an easy fix to solve this.

Cheers,
Dean
6
dean_collins
Re: Lost Password Confirmation Emails

Problem fixed, Please add to bug fixes (or modify what i've done below to 'correct programming syntax' if I've done a bodgy work around)



There is a problem with the template for the email that is being sent out;


here is lostpassword1.tpl for 2.2.3

[size=xx-small]
Hello {X_UNAME},

A web user from {IP} has just requested a new password for your account at {SITENAME}.
You can get your new password by clicking on the link below:

{NEWPWD_LINK}

If you didn't ask for this, don't worry. Just delete this Email.

-----------
{SITENAME} ({SITEURL})
webmaster
{ADMINMAIL}
[/size]


here is the email delivered

[size=xx-small]
Hello Dean Collins,

A web user from 68.174.172.170 has just requested a new password for your account at AussieNYmeetup.net.
You can get your new password by clicking on the link below:

/lostpass.php?email=dean@collins.net.pr&code=98064

If you didn't ask for this, don't worry. Just delete this Email.

-----------
AussieNYmeetup.net (/)
webmaster
dean@collins.net.pr
[/size]


So the two mistakes are that it should have site url and then newpwd_link

the second one is that my site thinks the {site url} is just a "/"



So I made the following changes

[size=xx-small]
lostpass1.tpl

changed to suit lost password link problems

In place of "{NEWPWD_LINK}"
added "http://www.{SITENAME}{NEWPWD_LINK}"
[/size]




Now my lostpass1.tpl looks like

[size=xx-small]
Hello {X_UNAME},

A web user from {IP} has just requested a new password for your account at {SITENAME}.
You can get your new password by clicking on the link below:

http://www.{SITENAME}{NEWPWD_LINK}

If you didn't ask for this, don't worry. Just delete this Email.

-----------
{SITENAME}
webmaster
{ADMINMAIL}
[/size]



and the email sent out looks like

[size=xx-small]
Hello Dean Collins,

A web user from 68.174.172.170 has just requested a new password for your account at AussieNYmeetup.net.
You can get your new password by clicking on the link below:

http://www.AussieNYmeetup.net/lostpass.php?email=dean@collins.net.pr&code=98064

If you didn't ask for this, don't worry. Just delete this Email.

-----------
AussieNYmeetup.net
webmaster
dean@collins.net.pr
[/size]



I also modified lostpass2.tpl file as well
1) for user education about how to change password in "Extended Profiles"
2) to provide url for easy login

[size=xx-small]
Hello {X_UNAME},

A web user from {IP} has just requested that password be sent.
Here are your login details at {SITENAME}.

Username: {LOGINNAME}
New Password: {NEWPWD}

You can change it in the "Extended Profiles" section after you login at http://www.{SITENAME}
If you didn't ask for this, don't worry. You are seeing this message, not 'them'. If this was an error, we are really sorry but please login with your new password.

-----------
{SITENAME}
webmaster
{ADMINMAIL}
[/size]



If there is something wrong with my suggestion can you let me know as this is my first ever open source bug fix :)

Cheers,
Dean
7
Herko
Re: Lost Password Confirmation Emails

  • 2005/9/23 14:13

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


Thanks! Will make sure this is fixed in 2.2.3 final

herko
8
melgert
Re: Lost Password Confirmation Emails

  • 2005/9/27 15:26

  • melgert

  • Friend of XOOPS

  • Posts: 18

  • Since: 2005/7/5 2


Just a small remark: {SITENAME} is not an url bute the title (name) of the site. So in the URL it should be {SITEURL}
9
Mithrandir
Re: Lost Password Confirmation Emails

This is fixed in XOOPS 2.2.3 RC2 - will be out shortly.
"When you can flatten entire cities at a whim, a tendency towards quiet reflection and seeing-things-from-the-other-fellow's-point-of-view is seldom necessary."

Cusix Software
10
DevlshOne
Re: Lost Password Confirmation Emails

  • 2005/10/11 2:30

  • DevlshOne

  • Just popping in

  • Posts: 56

  • Since: 2005/4/15


Every user that has lost their password on my XOOPS site has had to email me to let me know that the new password sent by the site was not the correct password for the account. Is this a known bug?

Also, how come the lost password module doesn't pay attention to the "password" rules as set in the system->preferences admin menu? I have it set for an 8 character password but the site is generating 6 character passwords for users that lose theirs.

Thanks
[size=x-small]Dawn of War Planet
RTS Planet
[/size]

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

327 user(s) are online (189 user(s) are browsing Support Forums)

Members: 0

Guests: 327

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits