Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Hi I'm having a small Catch22 on a site:
- User requests password
- User uses emailed link to login
- User clicks edit to set a new password
- User is asked for the Current password
What is wrong in my logintoboggan setup that gets my users into this loop?
Comments
Comment #1
Gham CreditAttribution: Gham commentedHi
Just came across this very issue and solved it by using this module :
http://drupal.org/project/nocurrent_pass
It allows you to disable the requirement for the current password.
G.
Comment #2
blazindrop CreditAttribution: blazindrop commentedI thought I was having a LoginToboggan-related issue and decided to try to reproduce your issue. Using D7.8 and LoginToboggan 7.x-1.3 and following your steps I cannot reproduce; when I login using the one-time login and go to my user edit page, I'm not asked for my password.
Can you tell us what your LoginToboggan settings are from /admin/config/system/logintoboggan?
Comment #3
Andrés Chandía CreditAttribution: Andrés Chandía commentedHi there I'm having the same issue, so these are my settings:
Drupal 7.16
Login Toboggan 7.x-1.3
Configuration:
Allow users to login using their e-mail address YES
Use two e-mail fields on registration form YES
Set password NO
Override destination parameter NO
Present login form on access denied (403) YES
Display login successful message YES
Minimum password length 8
I do receive the one time login, when requesting a new password, that sends me to a page with next info:
Clicking on LOGIN sends me to my profile page, then I go to EDIT, to change my password, and here it asks me for my "Current password" which I don't know, that's why I'm requesting a new password, and I cannot set a new password because I don't know my current one:
Probably I'm doing something wrong, could you give me some advice on how to solve this?
Thanks.
Comment #4
DynamicSoftware CreditAttribution: DynamicSoftware commentedAndrés,
I'm having the exact same problem as you are. I have a new website I'm trying to launch and can't seem to get past the registration because of this issue.
If anyone knows how to correct this, it would be greatly appreciated.
Thanks,
Domenic
Comment #5
cristiroma CreditAttribution: cristiroma commentedWe are facing the same issue, but this is a Drupal bug described here http://drupal.org/node/1596960
Comment #6
Road Kill CreditAttribution: Road Kill commentedPossible solution http://drupal.org/project/password_hustle
Comment #7
Andrés Chandía CreditAttribution: Andrés Chandía commentedThanks, this module did the trick!
Comment #8
matt.rad CreditAttribution: matt.rad commentedI am having this issue as well. It seems like a bug to me.
At any rate, Password Hustle solved it, and added something nice to my site in the process. Thanks Road Kill!
Comment #9
matt.rad CreditAttribution: matt.rad commentedAfter more testing, I found that Password Hustle resulted in something weird that I did not like during password recovery (using the onetime login and entering then entering the new password via Password Hustle sent me back to the login...), so I went back to looking for a solution to this and found this thread:
https://drupal.org/node/1777422
Turns out the action I had set to send a user to their user page after logging in was the spanner in the works.
Comment #10
stevecowie CreditAttribution: stevecowie commentedThanks matt.rad for sharing that. It feels like this is not really a logintoboggan issue so we'll close this thread for now.
Comment #11
joe.didonato CreditAttribution: joe.didonato commentedThis is happening on the Drupal.org site itself for me trying to create an account...
Comment #12
tagyoureit CreditAttribution: tagyoureit commentedYes, agree with Joe... I can't set a password on DRUPAL.ORG because the one-time link requires a current password. D'oh!
Comment #13
nally CreditAttribution: nally commentedI am also experiencing this on drupal.org itself. Sorry for the "me too post" but can we find out what module structure drupal.org has? That may provide a clue to the underlying problem.
Comment #14
nally CreditAttribution: nally commentedComment #15
YesCT CreditAttribution: YesCT commentedmight be a duplicate of #889772: Following a password reset link while logged in leaves users unable to change their password
Comment #16
nally CreditAttribution: nally commentedThanks for the suggestion, YesCT, but I was not logged in initially when I experienced this problem, so that's one data point where this seems to be a different issue.
Comment #17
trevorforrest CreditAttribution: trevorforrest commentedI would suggest the simple password reset module or the pasword reset landing page module to solve this problem
https://drupal.org/project/simple_pass_reset
https://drupal.org/project/prlp
Comment #18
dddave CreditAttribution: dddave commentedThis is not drupal core and a dupe btw.
Comment #19
myke CreditAttribution: myke commentedI had this exact same problem on a website (Drupal 7). I am using logintoboggan, however, that did not turn out to be the problem.
I had a Rule to redirect users upon login. It turns out this was also redirecting them away from the password reset page.
I used the Path Rules module, and added an additional Condition into the check: The path must NOT contain "user/reset".
I had to add a second rule to redirect to the page I wanted them to go to on login when they update their account.
Everything seems to be working how I want it to now.
Comment #20
donavanwilliams CreditAttribution: donavanwilliams as a volunteer commented@myke: You sir, are the man. #19 - That's exactly what was going on for me. Many thanks!
Comment #21
BassPlaya CreditAttribution: BassPlaya as a volunteer commentedWhy not use Drush to solve the issue?
First do
drush upwd 'Admin' --password=new_password
then do
drush uli
Copy and paste that link and log in, reset your Admin account's password, no?
Comment #22
ahmedbsalem2753 CreditAttribution: ahmedbsalem2753 commented@myke would you please elaborate on your answer? I am dealing with the same issue, when I request to reset my password and go to edit my profile to change it the current password field is set to required and it shouldn't. There is a rule in my workflow and it goes as follow:
Events:
User has logged in
Conditions
None
Actions
Elements: Page redirect
URL Value: admin/workbench
Force Redirect is set to true
Append Destination Parameter is set to False.
Do I need to tweak something so it won't prompt me for my current password when I request a link to reset my password?
I am using Drupal 7
Thanks,t