Closed (fixed)
Project:
Password change confirm
Version:
6.x-1.x-dev
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
14 Nov 2009 at 14:19 UTC
Updated:
9 Sep 2010 at 17:10 UTC
Jump to comment: Most recent file
Comments
Comment #1
dave reidI'm not sure how to hide this. I can't find anything specific I can use to hide on registration.
Comment #2
crea commentedSubscribing..
Comment #3
aequor commentedSubscribing
Comment #4
fizk commentedI've created a custom way of handling this for my site. If anyone's interested, I can post it.
Comment #5
fizk commentedTwo patches are included:
password_change-6.x-1.0-beta1.patch: Patch against 6x. 1.0 beta1
user.pages_.inc_.patch: Patch against core (modules/user/user.pages.inc)
Comment #6
fizk commentedHere's what the patch does:
- create a "Change password" fieldset under the user account edit page.
- upon password reset confirmation (following the link in your password reset email), the user is presented with a password change confirmation screen.
Comment #7
dave reidFound a way to do this and committed it to CVS! Thanks everyone!
http://drupal.org/cvs?commit=301660
Comment #8
fizk commentedIs
password_change_form_user_pass_reset_alter()called even if the user enters an incorrect timestamp or hashed password in the reset url?Comment #9
dave reidI was pretty sure that it didn't. Basically all the logic in user_pass_reset performs drupal_gotos() which end execution and hence stops any form_alter() hooks to execute. Did a manual test of trying to hack the reset URL and as expected, did not add the flag cookie.
Comment #11
weka commentedPassword change confirm 6.x-1.0 is displaying the "Your current password:" field on the edit form for users who just logged in using the one-time login.
This would not be too bad of a problem except the password sent in the welcome e-mail is not validating and user receives the "Incorrect current password." error when entering the password received in the e-mail.
Comment #12
YK85 commentedI see this issue is for 7.x-1.x-dev
I was wondering if this problem still exists in 6.x-1.x-dev as indicated by Weka in #11
Also, what happens to the "Your current password:" field when you log in with the one-time login (forgotten password) and need to change your password?
Thank you!
Comment #13
dave reidUsing the latest 6.x-1.x I can't confirm there is any problem. I was able to use the reset password link just fine.