Reset password function about socialnetwork HOT 28 CLOSED

Your feedback is highly appreciated.
Password forgotten function implemented.

from socialnetwork.

Awesome, but maybe you should send a link out once someone requests their password changed. Then when they click on that it will reset. Right now it's possible to reset anyones password.

from socialnetwork.

I will try to improve the process, thx for your feedback

from socialnetwork.

okay, now we have a new pw reset process.
1.) user gets a mail with confirmation url.
2.) password will be send to user after confirmation url is clicked.
3.) user can change random generated pw via settings...

from socialnetwork.

It doesn't send the generated password after clicking on the confirm link.

from socialnetwork.

i tried just one time and it worked ... let me try it again ..

from socialnetwork.

It was the demo I tried on.

from socialnetwork.

demo works for me, but i noticed that mails came from [email protected].
so for sure some mail server will block this "example.com" domain.

from socialnetwork.

But that should work as long as the sender e-mail exists? I get the reset request from [email protected], but nothing when I click reset. Does it send from same e-mail?

from socialnetwork.

i just changed the from part.

But that should work as long as the sender e-mail exists?
Nope it depends on the receiver's mail server...
Strange, can you send me the confirmation link please, thx

from socialnetwork.

Here's the link, http://www.dasmerkendienie.com/user/password/reset/65d2ea03425887a717c435081cfc5dbb/

from socialnetwork.

mhm still looks like its a mailserver problem
(host smtp.getontheweb.com[66.36.236.47] said: 451 qq read error (#4.3.0) (in reply to end of DATA command))

from socialnetwork.

That's weird, since it sends the first e-mail.

from socialnetwork.

@besn any clue whats going on here ?

from socialnetwork.

I checked my mail.log and it looks to me like some sort of temporary black- or greylisting.

In between the 451 errors i see lots of timeouts to the same server but the mails get delivered eventually. The "qq read error" doesn't help me much because it seems to be some generic qmail error which might be related a configuration error (unlikely), to a virus-scanner or greylisting.

from socialnetwork.

first of all, the issue itself "password reset" is solved in my opinion!
but i noticed that the password reset mail was flagged as spam.
one of the reason was, i tried to send a html mail without html opening tag.
i solved this issue already, but still its quite confusing that the first mail gets out, but not the
second one....

from socialnetwork.

a broken html mail might upset some spamfilter and could explain why the server refused to accept the message (and probably blocked the server for some time)

from socialnetwork.

we could try to send multipart mails, maybe mail gets more trustworthy, while there is a plain text part...

from socialnetwork.

depending on the spamfilter it might be more happy with a multipart mail then a pure html mail

from socialnetwork.

okay, i added multi part mails, now spamassassin gives me a score of 0, which is pretty good!

from socialnetwork.

We out of ideas? I just tried to reset password for two different email addresses, @yahoo.com and @hotmail.com. None of them worked, it actually didn't reset the password at all. So I believe there is something wrong with the part where it generates a new password. Because I was able to login with the old password and I am still able to do that even after confirming.

from socialnetwork.

that s weird, because it works on my test account ...
maybe it needs some further investigations!

You got the confirmation mail right ?
And after clicking on the confirmation link, no second email came ?
Also you are still able to login with old password, after clicking the confirmation link ?

from socialnetwork.

Yes, I received confirm mail and I confirmed it. Then I received no second mail, but was still able to login with old password.

from socialnetwork.

Also figured the confirm url doesn't expire when its clicked. It keeps using same link in every email

from socialnetwork.

@Phumix mhm i can at least explain why the link does not change...

from socialnetwork.

@andreas83 oh?

from socialnetwork.

Good news, i found the cause and solution.
$user->api_key = md5($_POST['nick']+date("Y-m-d H:i:s"));
new users got always the same api key due wrong string concating ...

i fixed it already in andrea, but need to recreate the api key on demo ...

from socialnetwork.

okay i just reset all api keys.
@Phumix please, try to reset your password again

from socialnetwork.