I now need to add a “Forgotten Password” process for the users, in case they forget their details. I know there is a panel-based system but I need to do this for users without panel access.
I am not sure where to start with this, would anyone be able to give any pointers for implementing this? Thanks in advance!
Hi,
No that doesn’t work unfortunately.
The ideal flow I would be after would be a page for forgotten password, where the visitor enters their email address. This would then trigger an email with a URL in to the user to reset the password. At that URL would be a form for them to enter a new password for that account (still on my site front end).
I guess I need some sort of authentication in the URL that is sent… this is a bit beyond my experience but hopefully someone here has implemented something like it for a Kirby members site.
If you don’t want the user to put in a code as authentication before resetting the password you can do so via a URL and a specific template for the reset page.
for example you could have smth like this in your controller for the passwort reset page:
if ($kirby->request()->is('POST') && get('pwresetstart')){
$authCode = md5(uniqid("", true).random_bytes(20));
$confirmlink = $site->url()."/pw-reset/{$authCode}/";
$kirby->impersonate('kirby');
$site->find('pw-reset')->createChild([
'template' => 'confirm',
'slug' => $authCode,
'draft' => false
]);
$body = "{$site->find('pw-reset')->mailbody()->value()}\n\n";
// like this you could use %link as a variable within a textarea for example, and replace that part with the URL for the password reset
$body = str_replace("%link", $confirmlink, $body);
kirby()->email([
"to" => get('email'),
"from" => "{$page->noreplymail()->value()}",
"subject" => "{$page->pwresetsubject()->value()}",
"body" => $body
]);
}
Generally you could try and make use of controllers for this if the kirby-given password reset is insufficient for you.