Currently a new password is sent immediately upon request in then login module. With that just anybody can reset the password for every single user since the emails are publicly available on my site which is a business directory. I would need a double opt in for the password reset so that only after receiving the request validation the account owner can initiate the reset.
The forgot login will be redesigned in a later release. Essentially it'll send a URL to a page for them to reset the password instead of resetting at time of request. Until then we've no solution regarding forgot login unless you choose to implement your own usage or use Joomlas (you'd have to disable CBs redirect/rewrite URLs functionality in CBs system plugins to access it).
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
krileon
