Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-23692

Change Forgotten Username or Password process

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      1. Apply this patch, hit notifications to trigger db upgrade
      2. Go to login page, click the forgot password link
      3. Supply valid username
      4. Check email inbox for that user & click link in email from moodle
      5. Enter new password (twice)
      6. Check that you are now logged in, and can logout & log back in with your new password.

      You can re-run this procedure with permutations of

      • protect usernames on/off
      • new install of moodle with this code, vs upgrade.
      • supplying username, or email address at forgot password screen
      • supplying correct details multiple times (should get max 2 emails)
      • supplying invalid user details
        Although obviously the number of trials skyrockets pretty quickly.
      Show
      1. Apply this patch, hit notifications to trigger db upgrade 2. Go to login page, click the forgot password link 3. Supply valid username 4. Check email inbox for that user & click link in email from moodle 5. Enter new password (twice) 6. Check that you are now logged in, and can logout & log back in with your new password. You can re-run this procedure with permutations of protect usernames on/off new install of moodle with this code, vs upgrade. supplying username, or email address at forgot password screen supplying correct details multiple times (should get max 2 emails) supplying invalid user details Although obviously the number of trials skyrockets pretty quickly.
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_25_STABLE
    • Fixed Branches:
      MOODLE_26_STABLE
    • Pull Master Branch:
      passwordreset-2013-10-07-1031Z

      Description

      As the administrator for a 1.98 site, I have many users who say that the current forgotten password reset procedure is complicated. Would it be possible to have a system as follows:

      1. On the Forgotten password page, user types in username or email address.
      2. Email is sent to person. If they confirm that they want to change their password, they click on the provided link.
      3. They are taken to a change password page where they would need to enter a password conforming to the standards set up by the security settings.

      So instead of Moodle auto-generating a temporary password and emailing it to the person, the person can directly choose a new password.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              peterbulmer Peter Bulmer
              Reporter:
              elmonemo21 Michael Buchanan
              Peer reviewer:
              Frédéric Massart
              Integrator:
              Damyon Wiese
              Tester:
              Adrian Greeve
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              11 Vote for this issue
              Watchers:
              22 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                18/Nov/13