Kirby Panel forgot password

Good idea. I think this function belong to the core. Anyone against it? If so, why?

1 Like

It would indeed be better to have that in the core, maybe you can post a feature request on Github, @jenstornell?

2 Likes

I don’t think you can be against this feature, but I’m not sure whether it would be used by enough users to be worth it. Because a site typically has not many users, you can always ask the admin to set a new password for you. Implementing a password reset in the Panel core can create security issues.

I think that depends on the site and the admin might not always be available.

Would this be less secure than using an external solution like @PhoenixPeca has suggested? I would think that such a feature would be better off in the core.

1 Like

That’s true!

No, definitely not. Given a well structured code that follows security best practices, it’s not insecure. But every additional feature (even more every feature that might allow unauthorized access to a CMS) can be insecure. This feature requires much care if integrated into the Panel IMHO.

2 Likes

If this feature will be added to the core, then I think it would be better to have the feature that can turn it off with the config file… I mean, not all administrators wanted a forgot password feature because enabling it would lead to possible security issues as stated above… :smiley:

1 Like

I just thought the same thing. The best of both worlds. Then hardcore developers can use their alternative own super security system, like this one for example. The rest can use a secure core default password resetter.

@lukasbestle Does that sound good to you?

Added an issue on github:

I think this feature should be added to the Kirby panel core. Therefor I added the issue to the Kirby panel repository. Then Bastian can deside what to do with it.

He could:

  • Close the issue without doing anything about it
  • Implement your or any other solution for it
  • Make an own solution for it

I cant even understand my own code; its too messy… I wish bastian can create another way to create reset password system…

I think that making it an optional feature is a great solution!

2 Likes

I totally agree. Most of my customers would not need such a function, therefore it would make sense to make this optional. I would not want to use potentially risky feature if there is no need for it.

And there it should be.

Hi there,

What is the status of this?

I’ve noticed that the original plugin isn’t there anymore


any reason for taking it down?

@samnabi, I guess this is also a crucial feature for online shopping, I mean it is pretty much expected that an online store allows customers to reset their passwords, no?

Thanks

This might have been the reason:

1 Like

Thanks for alerting me to this thread, @dfriere, I had missed it the first time around.

As it happens, Shopkit v1.0.4 will have a password reset function… feedback welcome! (I already implemented @lukasbestle’s suggestion above for more secure tokens)

The way I’ve implemented user authentication is pretty Shopkit-specific, so I’m not planning on releasing this as a stand-alone plugin at the moment.

1 Like

Great :slight_smile:

IMHO, this feature really ought to be in core though.

@samnabi, in your code, the activate and reset mail subjects and bodies are hardcoded in english. It would be nice to allow the possibility of using other languages.

thank you for asking… During the past few major Kirby Core (toolkit) updates made by Bastian, I have been struggling to maintain the original reset password plugin… It started when Kirby’s core yaml parser was updated, and it results multiple error… I have no clear understandings on how to use the Kirby toolkit, so I’ve made my own hacks (direct include a php file located somewhere in the toolkit, and uses a function written), that breaks every update… So, after some couple of Kirby updates, I decided to set it aside and learn toolkit first and continue developing it soon… The phrase “I didn’t even understand my own code” I added in this thread is just a joke… I obviously understand my own code cause I wrote it, but integrating it with a foreign code not familiar to me is trivial…

Summary: Sorry, the plugin is still under development…

Ps: Sorry for my bad english.

This plugin is poorly, integrated to the core, due to my unfamiliarity to the core… A simple Kirby update could break the function of this plugin… I need to study how to use the Kirby toolkit properly, before I get this plugin compatible to the latest Kirby version… :wink:

This plugin is now available in github. After some few months I decided to rewrite some lines of this code and add it back to github.

2 Likes

Good work man. Do you still want some improvements to this repo? Alot of the code is not needed because of the yaml framework of kirby. If you’re interested, I can try to help you with this :slight_smile:

Thanks man!!! Everyone’s always welcome to help improve this plugin… I’m not that familiar with the kirby toolkit yet, that’s why I have hard coded the useful functions that I need to prevent things from breaking down after any major kirby updates… But, if you can make things simple, you can do your move!!! :smiley: :smiley: :smiley: :smiley: