[TYPO3-english] Reset fe-user password

Discussion:

[TYPO3-english] Reset fe-user password - saltedpassword

Tomas Norre Mikkelsen

13 years ago

Hi,

I have search the TER and google, and cannot find a extension which that do
following:

1. Have a page with - Forgot password, type in you email,
2. sent email with URL to reset-password-page.
3. resets the password
4. Logs the users in, if configured or allow the user to do so.

If not, i'll be glad to develop it, but if already excists it's no need to
=)

Perhaps the felogin should be extenended?

--
Best Regards
Tomas Norre Mikkelsen

TYPO3 Profile: http://forge.typo3.org/users/4289
TYPO3 Developer @ netimage.dk

Follow me at twitter.com/tomasnorre

Richard Davies

13 years ago

Permalink

Hi Tomas,

Unless I misunderstand something felogin has that option. Tick the box
'enable password recovery link' and you can click 'forgot your password'
below the felogin box. It isn't a plugin that purely shows a forgot
password box, and it doesn't automatically log the user in after they
change their password, but it is part of felogin.

Richard

...

Tomas Norre Mikkelsen

13 years ago

Permalink

Hi Richard,

2012/12/5 Richard Davies <richard at ocular.co.nz>

Post by Richard Davies
Hi Tomas,
Unless I misunderstand something felogin has that option. Tick the box
'enable password recovery link' and you can click 'forgot your password'
below the felogin box. It isn't a plugin that purely shows a forgot
password box, and it doesn't automatically log the user in after they
change their password, but it is part of felogin.

You are partly right, EXT:felogin allows the uses to get you password by
email, but when using RSA salted passwords, it sents the text-value of you
crypted password, which is usuable.

I want no password in email, only link to reset-password page, passwords
should never be sent in emails..

--
Best Regards
Tomas Norre Mikkelsen

TYPO3 Profile: http://forge.typo3.org/users/4289
TYPO3 Developer @ netimage.dk

Follow me at twitter.com/tomasnorre

Jigal van Hemert

13 years ago

Permalink

Hi,

Post by Tomas Norre Mikkelsen
You are partly right, EXT:felogin allows the uses to get you password by
email, but when using RSA salted passwords, it sents the text-value of you
crypted password, which is usuable.
I want no password in email, only link to reset-password page, passwords
should never be sent in emails..

I think you have other extensions in your installation which send the
password by email.

EXT:felogin does the following:

- user clicks on forgot password link
- form is displayed where user can enter username or email address
- user receives email with link to form to enter new password (link can
only be used once and for a limited time)
- user enters new password en password is changed (even supporting
salted passwords, etc.)

EXT:felogin *never* sends a password by mail!

--
Jigal van Hemert
TYPO3 Core Team member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

Tomas Norre Mikkelsen

13 years ago

Permalink

Hi,

Post by Jigal van Hemert
- user clicks on forgot password link
- form is displayed where user can enter username or email address
- user receives email with link to form to enter new password (link can
only be used once and for a limited time)
- user enters new password en password is changed (even supporting
salted passwords, etc.)
EXT:felogin *never* sends a password by mail!

It was cause the felogin where stilled installed as Frontend Plugin as
version 1.0.0 therefore the old behavior still was used.

The new sysext, does excatly at wanted, thanks for pointing me in to the
right direction.

--
Best Regards
Tomas Norre Mikkelsen

TYPO3 Profile: http://forge.typo3.org/users/4289
TYPO3 Developer @ netimage.dk

Follow me at twitter.com/tomasnorre

Jigal van Hemert

13 years ago

Permalink

Hi,

Post by Tomas Norre Mikkelsen
It was cause the felogin where stilled installed as Frontend Plugin as
version 1.0.0 therefore the old behavior still was used.
The new sysext, does excatly at wanted,

You may have noticed that in recent versions of TYPO3 the sysexts have
the version number of the release. This makes it easier to detect such
situations. If you see for example EXT:felogin version 4.7.4 in a TYPO3
6.0.0 installation you know there is something wrong.

--
Jigal van Hemert
TYPO3 Core Team member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

Tomas Norre Mikkelsen

13 years ago

Permalink

Post by Jigal van Hemert
You may have noticed that in recent versions of TYPO3 the sysexts have
the version number of the release. This makes it easier to detect such
situations. If you see for example EXT:felogin version 4.7.4 in a TYPO3
6.0.0 installation you know there is something wrong.

I know now =) Thanks.

--
Best Regards
Tomas Norre Mikkelsen

TYPO3 Profile: http://forge.typo3.org/users/4289
TYPO3 Developer @ netimage.dk

Follow me at twitter.com/tomasnorre