I am using the EZ Publish CMS:
What is currently happening:
-
From the forgot password page, user enters the email address that they
used to register and submits -
User receives an email with a password generating link which
uses a hash to confirm their identity. -
User receives an email with a freshly generated password
-
User returns to site using the link from their email which takes them
to a form that asks for the old password (which was just generated
and has been sent to their email) and for them to enter a new
password.
What I want to happen:
-
From the “forgot password” page, user enters the email address that they
used to register and submits -
User receives an email with a link to the “enter new password” form
-
On the “enter new password” form, user is not required to enter old
password because identity has already been confirmed by hash and
therefore only has to enter the new password.
I am using the EZMBPAEX extension which has the original 4 step process.
There doesn’t seem to be any documentation or discussion about removing the “email the user a new password” step but my client has a very strict no passwords sent by email policy so I can’t flex on this.
Does anyone know where I can find documentation on how to edit this functionality?
I think the file that will need to be edited is located in:
/extension/ezmbpaex/modules/userpaex/forgotpassword.php
When I updated the plugin it had the number of steps I wanted.