I have a query regarding sending emails in account_reminder module.

What password is mentioned in the email. Is it a temporary password?
What if the user has been sent a one-time login link and he is supposed to reset the password on first use?
Is this password generated by this module or is it the correct drupal password for a user?

Comments

mdixoncm’s picture

mdixoncm commented
Status: Active » Closed (fixed)

Hi Prateek.

The user's password is not held in cleartext within Drupal, so it is not possible to resend it. The mechanism used in this module is the same as that used when a user has "forgotten their password", i.e. a new password is generated and sent to the user.

Cheers,

Mike

prateek’s picture

prateek commented

OK, now I get it.

So, the sequence of steps would be:

user signs up --->

<--- temp password mailed initially

(user never logs in)

(after few days)

<--- user gets a reminder mail with new temp password

hmmm.....

Idea is good, but it might have been better if the original temp password was still valid.
And provide a link to the "password reset page" if he has forgotten it.
Reason being, if he searches his mails, he will still be having the old password.
A second password might confuse him. To add to the trouble, he has to choose another password immediately when he logs in using one-time link.

This is, of course, just my opinion.
Thanks for the nice module.

mdixoncm’s picture

mdixoncm commented

Yes, agreed - that is definitely a nicer way of doing it, but in Drupal the password is never held in cleartext (for good reason), so we can't resend it to the user, or generate the one time login link.

So its a trade off between either resetting the password and sending the user a login link and a password

OR

Sending them an email saying "please refer to the origional email for login details"

We chose the former, but it could be the wrong choice :)

Cheers,

MIke