[drupal-docs] Password reminder mails will be broken in 4.7

Karoly Negyesi karoly at negyesi.net
Fri Aug 26 05:49:37 UTC 2005


Hi!

As we now use a one time URL mechanism to let those in who forgot their  
password, the reminder mail have been changed. Unlike other updates this  
can't be handled automatically since this is user entered text, albeit  
with some variables.

Here is the new text:

       case 'pass_body':
         return t("%username,\n\nA request to reset the password for your  
account has been made at %site.\n\nYou may now log in to %uri_brief  
clicking on this link or copying and pasting it in your  
browser:\n\n%login_url\n\nThis is a one-time login, so it can be used only  
once. It expires after one day and nothing will happen if it's not  
used.\n\nAfter logging in, you will be redirected to %edit_uri so you can  
change your password.", $variables);

Versus the old.

       case 'pass_body':
         return t("%username,\n\nHere is your new password for %site. You  
may now login to %login_uri using the following username and  
password:\n\nusername: %username\npassword: %password\n\nAfter logging in,  
you may wish to change your password at %edit_uri", $variables);

If someone ever pressed save on admin/settings then the text is served  
 from DB and not from code. That's the problem.

As you can see, %login_url is needed and %password is no more filled in so  
password reminders are pretty much useless.

I have no idea on how should we remind our users of this but somehow we  
must. Or at least I think this is important. Feel free to disregard my  
email as usual.

Regards

NK



More information about the drupal-docs mailing list