Skip to Content Skip to Menu

🎃 Happy Halloween! Treat yourself with an awesome discount on memberships! Get 20% off now with code SPOOKY-2024!

verification code to reset password

  • azjr
  • azjr
  • OFFLINE
  • Posts: 99
  • Thanks: 10
  • Karma: 2
8 years 6 months ago #280838 by azjr
Replied by azjr on topic verification code to reset password

krileon wrote: We don't have such functionality. Our forgot login will always generate a new password and directly send it to them. We've a feature ticket already to basically rewrite how our forgot login behaviors to be more up to date with forgot logins usage standards in a later CB release.


Kyle - I checked with client's legal dept and this looks like much bigger problem than I initially thought: there are legal repercussions for business who sends passwords in plain text - bottom line: passwords should never be sent - period. Something happens - user gets hacked - password was sent via email in plain text - business is liable. You can try to add disclaimers, etc. in the email footer - doesn't change the fact when it comes to worse.

That puts me in the pickle, because this is hitting a solid rock: what are my solutions?

I've looked through my email history and pretty much every single Joomla extension account I ran into uses the token instead of password. Why was/is this not implemented in CB?
The following user(s) said Thank You: lousyfool

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48460
  • Thanks: 8280
  • Karma: 1443
8 years 6 months ago - 8 years 6 months ago #280864 by krileon
Replied by krileon on topic verification code to reset password
Don't use CBs forgot login then until we've the time to rewrite it. I've adjust the ticket for this to urgent priority and moved it to 2.0.14.

forge.joomlapolis.com/issues/5680

Currently I am working on the new Joomlapolis website so it won't happen until that is at least done.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 8 years 6 months ago by krileon.
The following user(s) said Thank You: azjr

Please Log in or Create an account to join the conversation.

  • azjr
  • azjr
  • OFFLINE
  • Posts: 99
  • Thanks: 10
  • Karma: 2
8 years 6 months ago #280870 by azjr
Replied by azjr on topic verification code to reset password
I understand - thanks for escalating.
When you say: "dont' use CB's forgot login" - what is my alternative? well, the key IS TO USE CB, only find alternative for the forgot login part - I will have one of our developers look at it, but if you have suggestions on how to accomplish it, that would be very helpful. at least direction on how you would approach it.
thanks!

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48460
  • Thanks: 8280
  • Karma: 1443
8 years 6 months ago #280943 by krileon
Replied by krileon on topic verification code to reset password
Disable Joomla registration, unpublished Joomla login modules, then use a Joomla menu item to Joomlas forgot login, finally within Extensions > Plugins > Community Builder System plugin > Parse URLs disable "Redirect URLs" and "Rewrite URLs". This should allow you to reach Joomla user component to be able to use Joomla forgot login.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: azjr

Please Log in or Create an account to join the conversation.

  • azjr
  • azjr
  • OFFLINE
  • Posts: 99
  • Thanks: 10
  • Karma: 2
8 years 6 months ago #280982 by azjr
Replied by azjr on topic verification code to reset password
This is really good Kyle - it works good.
With this in mind - that is, with the ability to customize how CB can co-exists with Joomla and use the PW reminder via Joomla's output - why not just publicize this solution instead of building integrated one? I know, this is just a 'devil's advocate' type question - but I'm curious if using this "override" somehow I'm jeopardizing the security of the entire system, or is it just a quite clever way to go around when necessary? or is there another explanation?
Thanks again Kyle!

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48460
  • Thanks: 8280
  • Karma: 1443
8 years 6 months ago #281003 by krileon
Replied by krileon on topic verification code to reset password
We block access to Joomla user component as it allows back door login and registration. As you can see configuration to stop this is a bit in depth. Expecting every user to properly shut off Joomla registration and login in favor of CBs is a support nightmare (and was before the rewrite url behavior). With that said the option is still there by simply disabling the rewrite url behavior.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum