One time URL not working in request new password

The problem does not happen in Drupal itself, but DOES also happen in the 4.7 securesite module. My testing indicates that the %login_url assignment is missing from the $variables array that is set in line 32 of securesite.inc. Can anyone tell me the proper code to add there for a patch?

replacing line 32 with this
$variables = array('%username' => $account->name, '%site' => variable_get('site_name', 'drupal'), '%login_url' => user_pass_reset_url($account), '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $account->mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));

the one time URL is generated but when trying to access the securesite module request a user/password

i'm think writing new password in mail must be a good solution

For security reasons, Drupal no longer sends password resets by e-mail. I replaced the current password reset response message with the Drupal 4.6 version until a more secure solution is offered.

Here's a patch for the 4.7 release. Note that users need to enter both their username and e-mail address in the form to get their password.

Hi,

How about the patch for drupal 5 release, is that the same?

greetings,
Martijn

The issue is closed for the DRUPAL-5 branch. Junyor, you have CVS access to the project. Feel free to commit your patch.

There have been no requests for this fix in 4.7, so I'm not going to commit and I'll close this instead.

It looks like this change was undone when the patch from issue #28408 was committed. See http://drupal.org/node/204191 for a recent bug report about this issue with some suggested solutions.

Darren, any idea why this fix was undone?

No idea. NaX had more to do with that patch than I did.