Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-23692

Change Forgotten Username or Password process

    XMLWordPrintable

Details

    • MOODLE_19_STABLE, MOODLE_25_STABLE
    • MOODLE_26_STABLE
    • passwordreset-2013-10-07-1031Z
    • Hide

      1. Apply this patch, hit notifications to trigger db upgrade
      2. Go to login page, click the forgot password link
      3. Supply valid username
      4. Check email inbox for that user & click link in email from moodle
      5. Enter new password (twice)
      6. Check that you are now logged in, and can logout & log back in with your new password.

      You can re-run this procedure with permutations of

      • protect usernames on/off
      • new install of moodle with this code, vs upgrade.
      • supplying username, or email address at forgot password screen
      • supplying correct details multiple times (should get max 2 emails)
      • supplying invalid user details
        Although obviously the number of trials skyrockets pretty quickly.
      Show
      1. Apply this patch, hit notifications to trigger db upgrade 2. Go to login page, click the forgot password link 3. Supply valid username 4. Check email inbox for that user & click link in email from moodle 5. Enter new password (twice) 6. Check that you are now logged in, and can logout & log back in with your new password. You can re-run this procedure with permutations of protect usernames on/off new install of moodle with this code, vs upgrade. supplying username, or email address at forgot password screen supplying correct details multiple times (should get max 2 emails) supplying invalid user details Although obviously the number of trials skyrockets pretty quickly.

    Description

      As the administrator for a 1.98 site, I have many users who say that the current forgotten password reset procedure is complicated. Would it be possible to have a system as follows:

      1. On the Forgotten password page, user types in username or email address.
      2. Email is sent to person. If they confirm that they want to change their password, they click on the provided link.
      3. They are taken to a change password page where they would need to enter a password conforming to the standards set up by the security settings.

      So instead of Moodle auto-generating a temporary password and emailing it to the person, the person can directly choose a new password.

      Attachments

        Issue Links

          Activity

            People

              peterbulmer Peter Bulmer
              elmonemo21 Michael Buchanan
              Frédéric Massart Frédéric Massart
              Damyon Wiese Damyon Wiese
              Adrian Greeve Adrian Greeve
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan
              Votes:
              11 Vote for this issue
              Watchers:
              21 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                18/Nov/13