Hey all,

If (like me) you have sites running older versions of CE, there is a bug in forgot_username that would explain these kinds of issues. The bug was fixed last October by Bruno, but it meant that a user's password would be reset if they asked to be sent their login. This would effectively lock them out of the system until they reset their password again..!

The commit that fixed it is here:
http://github.com/bborn/communityengine/commit/2e63f434bf8959aed75be15795e4d85570abdf0e

The correct version is:

    def forgot_username
      return unless request.post?
      # Only e-mails the login; the password is left untouched.
      if @user = User.find_by_email(params[:email])
        UserNotifier.deliver_forgot_username(@user)
        redirect_to login_url
        flash[:info] = :your_username_was_emailed_to_you.l
      else
        flash[:error] = :sorry_we_dont_recognize_that_email_address.l
      end
    end

Hope that helps,

--
Barry

On Sep 9, 9:47 am, Bruno Bornsztein <[email protected]> wrote:
> I'm guessing this is due to users requesting a password reset when they
> haven't yet activated their account. Then they try to log in using their
> reset password, but it doesn't work because their account is inactive. I've
> pushed some changes to prevent passwords and usernames from being sent out
> to users who are inactive. You can also direct people to the 'resend
> activation e-mail' page at /resend_activation
> Thanks,
> Bruno
>
> On Thu, Aug 27, 2009 at 2:03 PM, shiftshane <[email protected]> wrote:
>
> > Any updates on this? As eksatx mentioned, there's gotta be some
> > sequence that causes this error. I wonder if maybe users are clicking
> > the reset button more than once real fast and it generates two new
> > random passwords but for some reason only sends out an email for the
> > first one? Not sure if that's possible, but trying to figure out what
> > causes it. I now get about 5-10 emails a day from users saying the
> > reset doesn't work at all. Is this happening to anyone else?
> >
> > On Jul 10, 6:43 pm, eksatx <[email protected]> wrote:
> > > I also have had a couple users report this issue. However, when I
> > > create a test user from scratch, I am able to reset the password just
> > > fine. There must be some specific sequence of steps that leads to the
> > > problem.
> > >
> > > On Jul 10, 10:08 am, shiftshane <[email protected]> wrote:
> > >
> > > > Users on my site are having the same issues. I'm on a really old
> > > > version of CE. I'm wondering if there has been a fix for this? I get
> > > > about 10 users a week emailing me saying the password that was reset
> > > > by the system doesn't work.
> > > >
> > > > When I try resetting mine, it works fine. I was chalking it up to user
> > > > error, but it seems like it's some random bug or something. Anyone
> > > > else been having this issue? It's been going on for the past few
> > > > months.
> > > >
> > > > On Jun 13, 9:27 pm, LostyJai <[email protected]> wrote:
> > > >
> > > > > Thanks for that guys, I appreciate it.
> > > > >
> > > > > Just sometimes I get users saying their newly reset passwords are
> > > > > not working. Most of the time this is a user problem.
> > > > >
> > > > > Would you people be able to suggest any options to avoid these kinds
> > > > > of problems? (make it easier?)
> > > > >
> > > > > On Jun 14, 4:52 am, Levi Rosol <[email protected]> wrote:
> > > > >
> > > > > > The functionality for a user to reset their own password is already
> > > > > > built into CE.
> > > > > >
> > > > > > To maintain a secure system, no one, not even administrators, should
> > > > > > be able to see what a user's password is. CE does a great job of this
> > > > > > by hashing this information, and also providing users with a way to
> > > > > > reset their information if it is lost.
> > > > > >
> > > > > > --
> > > > > > Levi Rosol
> > > > > > Twitter: @LeviRosol
> > > > > >
> > > > > > On Sat, Jun 13, 2009 at 1:47 PM, Carl Fyffe <[email protected]> wrote:
> > > > > >
> > > > > > > Your exact request isn't possible because the passwords are not
> > > > > > > encrypted, they are hashed, which is basically a one way encryption
> > > > > > > that is very fast. Every time a user does a login, the submitted
> > > > > > > password is rehashed and the result is checked against what is
> > > > > > > stored.
> > > > > > >
> > > > > > > I would suggest creating a way for the users to "reset" their
> > > > > > > password. This would create a new random password and email it to
> > > > > > > the address you have in the system. Then, when they login, they can
> > > > > > > change their password to something more memorable. This would take
> > > > > > > you out of the loop at least.
> > > > > > >
> > > > > > > On 6/12/09, LostyJai <[email protected]> wrote:
> > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > I keep getting users emailing me regarding their passwords not
> > > > > > > > working.
> > > > > > > >
> > > > > > > > This usually is a human error, but I wish to be able to see the
> > > > > > > > users' passwords and be able to tell them that they've entered
> > > > > > > > their passwords incorrectly.
> > > > > > > >
> > > > > > > > How would I go about unencrypting the passwords stored in the
> > > > > > > > database?
> > > > > > > >
> > > > > > > > Thanks!
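
The behaviour this thread converges on, as an added Ruby sketch that is not CommunityEngine's code and not from any poster above: login re-hashes the submitted password against a stored salted hash, a username reminder leaves that hash alone, and neither reminder nor reset goes out for an inactive account. `DemoUser`, the two helper functions, the `outbox` array and the PBKDF2 parameters are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory user record for illustration; not CommunityEngine's model.
class DemoUser
  ITERATIONS = 10_000 # assumed PBKDF2 work factor, kept low so the demo is quick
  attr_reader :login, :email, :salt, :crypted_password, :active

  def initialize(login, email, password, active: true)
    @login, @email, @active = login, email, active
    self.password = password
  end

  # Only a per-user salt and a one-way hash are stored, never the password itself.
  def password=(plain)
    @salt = SecureRandom.hex(16)
    @crypted_password = digest(plain)
  end

  # Login re-hashes the submitted password and compares it with the stored hash.
  def authenticated?(plain)
    active && secure_compare(digest(plain), crypted_password)
  end

  private
  def digest(plain)
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256")).unpack1("H*")
  end

  # Comparison whose timing does not depend on where the hashes differ.
  def secure_compare(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end
end

# E-mails the login only; the stored hash must stay untouched.
def forgot_username(user, outbox)
  return false unless user.active
  outbox << { to: user.email, body: "Your username is #{user.login}" }
  true
end

# Refused for inactive accounts, which could not log in with the new password.
def reset_password(user, outbox)
  return false unless user.active
  new_password = SecureRandom.alphanumeric(12)
  user.password = new_password
  outbox << { to: user.email, body: "Your new password is #{new_password}" }
  true
end
```

A regression test for the bug described at the top of this message is the check that `crypted_password` is identical before and after `forgot_username`.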
