Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-23692

Change Forgotten Username or Password process

    Details

    • Testing Instructions:
      Hide

      1. Apply this patch, hit notifications to trigger db upgrade
      2. Go to login page, click the forgot password link
      3. Supply valid username
      4. Check email inbox for that user & click link in email from moodle
      5. Enter new password (twice)
      6. Check that you are now logged in, and can logout & log back in with your new password.

      You can re-run this procedure with permutations of

      • protect usernames on/off
      • new install of moodle with this code, vs upgrade.
      • supplying username, or email address at forgot password screen
      • supplying correct details multiple times (should get max 2 emails)
      • supplying invalid user details
        Although obviously the number of trials skyrockets pretty quickly.
      Show
      1. Apply this patch, hit notifications to trigger db upgrade 2. Go to login page, click the forgot password link 3. Supply valid username 4. Check email inbox for that user & click link in email from moodle 5. Enter new password (twice) 6. Check that you are now logged in, and can logout & log back in with your new password. You can re-run this procedure with permutations of protect usernames on/off new install of moodle with this code, vs upgrade. supplying username, or email address at forgot password screen supplying correct details multiple times (should get max 2 emails) supplying invalid user details Although obviously the number of trials skyrockets pretty quickly.
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_25_STABLE
    • Fixed Branches:
      MOODLE_26_STABLE
    • Pull Master Branch:
      passwordreset-2013-10-07-1031Z

      Description

      As the administrator for a 1.98 site, I have many users who say that the current forgotten password reset procedure is complicated. Would it be possible to have a system as follows:

      1. On the Forgotten password page, user types in username or email address.
      2. Email is sent to person. If they confirm that they want to change their password, they click on the provided link.
      3. They are taken to a change password page where they would need to enter a password conforming to the standards set up by the security settings.

      So instead of Moodle auto-generating a temporary password and emailing it to the person, the person can directly choose a new password.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  11 Vote for this issue
                  Watchers:
                  23 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    18/Nov/13