I'm setting up a website using 4.7.0-beta4 and one of my users reported that after (re)requesting his password he got an email without the password value expanded:

Paul Lemmens,

Hier is je nieuwe wachtwoord voor Volleybalvereniging Pegasus. Je kunt nu inloggen via http://XXXXXXXXXX.nl/user met de volgende username en wachtwoord:

username: Paul Lemmens
password: %password

Unfortunately I can not track the problem down into the code of the user module; it is beyond my current capabilities. However, I do find it striking that in the description field of the body of the "password recovery e-mail" the variable %password is not mentioned.

It almost feels as if this is not a coincident: %password has not been registered as an optional variable in the code arranging the expansion for these variables. I would expect though that this would be a generalized function and that generating and expanding the %password string for the other e-mails would not work as well. However, when I register a new user the password _actually_ is generated and send out through the registration e-mail.

I'm not sure if this is really a bug or something wrong with my system because I am unsure where to look for fixing this, but I want to look further if somebody helps.

Comments

killes@www.drop.org’s picture

killes@www.drop.org commented

I think this might be an error in the Dutch translation. Can you check that?

heine’s picture

heine commented

This email has not been translated in 4.7 versions of the Dutch translation (not even the reset link email has been tranlated) so it must be custom made.

Can you check that this password recovery should not actually contain a reset link instead of a new password?

killes@www.drop.org’s picture

killes@www.drop.org commented
Status: Active » Closed (duplicate)

Ah, now I got it, see http://drupal.org/node/28868.

The password variable was removed and replaced.

Lappie’s picture

Lappie commented

I am not sure I understand how to fix this problem for the time being by reading the referenced duplicate. I also do not see it as a duplicate (but I might be dense on my early morning).

So by the comment from Heine there is some kind of reset variable that I can insert instead of the %password string?

Indeed, the translation of the message subject and body was a personal customization; it didn't work with the english original as well.

Lappie’s picture

Lappie commented

So what probably happened is that I initially installed 4.6.x, added the Dutch translation and then upgraded to beta4 of 4.7. For some reason the new message bodies in administrate>settings>user that can be found around line 1345 of the beta4 user.module did not get through to the web interface at the location I just mentioned. So I just did not know about the changes in those bodies.

Perhaps the changes didn't come through because I have not yet installed the 470-beta4 Dutch translation?

Perhaps offtopic: how can it be that those new strings in the user.module did not show up in the web interface?

heine’s picture

heine commented

The problem results from a change in how password recovery is handle; instead of getting a new password a one time reset link is sent. You already had a custom message so the default that comes with 4.7 doesn't show. Below you'll find the English text for the email; it has not been translated yet.

------------------------------------------------------------------------
%username,

A request to reset the password for your account has been made at %site.

You may now log in to %uri_brief clicking on this link or copying and pasting it in your browser:

%login_url

This is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used.

After logging in, you will be redirected to %edit_uri so you can change your password.
------------------------------------------------------------------------