Hello,
I look after the homepage of a club and cannot cope with the settings in the members area "forgot your password".
A user of the non-public member site must log in with his (in the user directory specified) e-mail address and his assigned password.
The password assigned by the administrator must be changed by the user when logging in for the first time. The minimum length of the password is 10 characters. A strong password is checked.
Passwords must contain at least one uppercase letter and one digit.
This procedure works without any problems.
If the user has forgotten his password and goes on "Forgot your password?", he can enter his (specified in the user directory) email address.
The system then sends a code to its e-mail address in the form:
Code 8X06573ERQ12345UV4297FG8
And a message:
"Clicking on the following link takes you to the website where you can enter the code below and reset your password: https://www....
But with this code he does not come into the members area
How does this code become a new password?
How does the webmaster become aware of the problem?
The versions used:
CMSMS: 1.12.2 "Kolonia"
CMSMailer 5.2.14
CMSPrinting 1.0.5
FileManager 1.4.5
MenuManager 1.8.7
MicroTiny 1.2.9
ModuleManager 1.5.8
News 2.15.2
Search 1.7.13
ThemeManager 1.1.8
CGSimpleSmarty 1.10
FrontEndUsers 1.31.3
CGExtensions 1.53.19
Gallery 2.3.2
Settings CMSMailer:
Character set: Utf-8
Mail method: SMTP
SMTP host name: smtp.strato.de
Encryption with: SSL
SMTP server port: 465
From Address: webmaster@ ...
"From" Username: Name Webmaster
Sendmail path: /usr/lib/sendmail
SMPT timeout: 1000
SMTP authentication: checked
Username: webmaster@ ...
Password: registered
Test Email Address: info@ ...
CMSMailer
Re: CMSMailer
First some notes:
- your version is outdated and not supported anymore, so I'd recommend to start an upgrade path.
- how is the title of this topic related to the problem/question?
If I understand the question correctly:
The link should bring the user to a page where he can set his new password. He should do it himself. As this link is sent to his personal email-address it could be considered a secure way to reset a password.
I don't know if there's an notification sent to an admin.
- your version is outdated and not supported anymore, so I'd recommend to start an upgrade path.
- how is the title of this topic related to the problem/question?
If I understand the question correctly:
The link should bring the user to a page where he can set his new password. He should do it himself. As this link is sent to his personal email-address it could be considered a secure way to reset a password.
I don't know if there's an notification sent to an admin.