"Forgot Password?" in /panel

Heyo,

I just had a request come in today from a client who wants a “Forgot password?” system in the panel. In the short-term I can just assure her that I can reset her password using my own account, but I’m wondering - is this a feature that was left out intentionally?

I see somebody made a plugin for this, but that’s no longer maintained or online.

This has been asked for on several occasions and there is a GitHub issue as well. I have no idea though if this is going to be implemented in the near future or at all.

You could offer a PHP script that takes a new password param and alters the account file. Reset to a random one and send a mail. The following script is untested, just use this as an inspiration.

// URL http://www.example.com/user:myuser/forgot-password:1
// URL Routing http://www.example.com/forgot-password/user:myuser
// Both params must be present, and the username must match an existing user.
if(get('forgot-password') && ($changeUser = get('user')) && ($user = $site->user($changeUser))) {
  // update() hashes the password on its own, so pass the plain random string
  $newPW = str::random(8);
  $user->update(array(
    'password' => $newPW
  ));
  // send mail to user with new pw
  $mail = $user->email();
  $email = new Email(array(
    'to'      => $mail,
    'from'    => $mail,
    'subject' => 'new password',
    'body'    => 'some text: '.$newPW
  ));

  if($email->send()) {
    echo 'The email has been sent';
  } else {
    echo $email->error()->message();
  }
}

https://getkirby.com/docs/toolkit/api/str/random
https://getkirby.com/docs/toolkit/sending-email
https://github.com/getkirby/kirby/blob/master/core/user.php#L226

1 Like

Problem is that this way you send a plain text password via an unencrypted mail which is not really such a good idea.

…at least not if you don’t force the user to change their password after the first login in some way.

… and set a time limit to access with this password.

And I still think that a password reset via reset link - done right - is the best option and should be part of the core - to be enabled via a config setting.

5 Likes
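
The reset-link approach argued for above, together with the time limit mentioned earlier, as an added example that is not part of the original thread and not Kirby code. The function names, the array used as a token store and the 30-minute lifetime are assumptions.

```php
<?php
// Added example; function names, the array store and the TTL are assumptions.
const RESET_TTL = 1800; // link lifetime in seconds (assumed: 30 minutes)

// Start a reset: returns the raw token that goes into the e-mailed link.
// Only a SHA-256 hash of it is stored, so a leaked store cannot be replayed.
function create_reset(array &$store, string $username, int $now): string {
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $store[$username] = [               // replaces any older pending request
        'hash'    => hash('sha256', $token),
        'expires' => $now + RESET_TTL,
    ];
    return $token;
}

// Redeem a token from the link. On true, the caller lets the user choose a
// new password and saves it; no password ever travels by mail.
function redeem_reset(array &$store, string $username, string $token, int $now): bool {
    $entry = $store[$username] ?? null;
    if ($entry === null) {
        return false;                   // no pending request for this user
    }
    if ($now > $entry['expires']) {
        unset($store[$username]);       // expired requests are dropped
        return false;
    }
    // Constant-time comparison of the stored hash with the presented token's hash.
    if (!hash_equals($entry['hash'], hash('sha256', $token))) {
        return false;
    }
    unset($store[$username]);           // single use: the link dies on success
    return true;
}

// Constructed demo data: in-memory store and a fixed timestamp.
$store = [];
$t0    = 1700000000;
$token = create_reset($store, 'myuser', $t0);
var_dump(redeem_reset($store, 'myuser', 'wrong-token', $t0 + 60)); // wrong token
var_dump(redeem_reset($store, 'myuser', $token, $t0 + 60));        // valid, in time
var_dump(redeem_reset($store, 'myuser', $token, $t0 + 61));        // same link again
$late = create_reset($store, 'myuser', $t0);
var_dump(redeem_reset($store, 'myuser', $late, $t0 + RESET_TTL + 1)); // after expiry
```

The page that accepts the reset request should answer the same way whether or not the username exists, so it cannot be used to enumerate accounts.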

I’d definitely agree with you there.

Sure, but a random password is too hard to remember, so it's a good guess the user will change it. And the text in the mail could tell him too. It's just a workaround.

Most of my passwords are almost impossible to remember, they are just some long random strings …

1 Like

Mine too, using 1Password. But I understand your concerns.

Good News! I added the forgot password plugin back. Download it here. The installation instructions are in this thread.

This does not work since update password does hash on its own. Cannot fix code above. :frowning:

Thanks, I corrected it above.