Community
Support » Post installation

How to change password after logging in via a "one time login" link

Posted by narragansett on January 24, 2013 at 12:19am

OK, I assume I'm missing something obvious, but I can't see it, so I've got to ask...

As administrator, I create an account for a new user, and check "notify user of new account". An email is sent with a link to a "one time login".

Click on the link, access the site through that link, a message appears suggesting the user changes their password.

First issue - for many inexperienced web users, it isn't necessarily obvious that they will need to click on the "My Account" link, then choose the "Edit" tab in order to get to the page where their password may be changed. Is it possible to set my site to go directly to that page after using a "one time login" link?

Second issue - this new user hasn't been told a password. They have in fact been told to change their password ASAP. But if they get to the page where they can do so, they are required to enter the current password that they don't have... How in the heck is this supposed to work?

Like I said, I assume I'm missing something blindingly obvious. But I am definitely missing it - please help!

Thanks.

using D7.19

Login or register to post comments Categories: ,

Comments

I think you have the wrong

Posted by nicoz on January 24, 2013 at 1:09am

I think you have the wrong workflow

1. Admin creates an account checks off notify user
2. User gets a one-time login link in email
3. User clicks link and gets sent to site where they see:
This is a one-time login for [username] and will expire on January 24, 2013. Click on this button to log in to the site and change your password. This login can be used only once.
4. User clicks login
5. changes password (does not require u to input old password)
6. user hits save

First issue - for many inexperienced web users, it isn't necessarily obvious that they will need to click on the "My Account" link, then choose the "Edit" tab in order to get to the page where their password may be changed. Is it possible to set my site to go directly to that page after using a "one time login" link?

No, this is not correct, they are sent directly to the edit page after clicking the one-time login link

Second issue - this new user hasn't been told a password. They have in fact been told to change their password ASAP. But if they get to the page where they can do so, they are required to enter the current password that they don't have... How in the heck is this supposed to work?

This is also not correct. They are asked to enter their password, then to add it again to make sure they match. There isn't an "Current password " field if they use a one-time login link. only if the are directly editing their account.

What I wrote is exactly what

Posted by narragansett on January 24, 2013 at 3:54am

What I wrote is exactly what I was seeing. I understand that what you described is how it is supposed to work, it just wasn't...

While waiting for a reply, I did some more searching - it took more than an hour to find it, but I stumbled across this thread -- http://drupal.org/node/889772

Short version - since I am already redirecting to a specific URL based on the role of the user, the standard workflow (as you described) doesn't work. A workaround is the Password Hustle module. I installed it and it fixed the issue...

Thank you very much for the reply. It confirmed that I wasn't crazy, which settled me down quite a bit and allowed me to get to the actual problem... :)

nobody click here