Recent Topics

[4.1.x] Access denied for lost password

started by on Jan 25, 2012 – Last touched: Jan 25, 2012

Jan 25, 2012 11:27    

My b2evolution Version: 4.1.x

I accidentally posted this in the "bugs report" forum so I apologise for a dual posting but I desperately need help on this.

After a request for "Lost password" retrieval, an 'Access Denied' screen gets displayed when the user clicks the email link sent from the blog. (Basic User). This seems totally wrong - surely it should be straightforward for any user to request a new password? Have I got a setting wrong somewhere?

Only other references I can find in the forums seem way out of date and relate to much earlier versions of b2 where the advice seems no longer relevant.

Jan 27, 2012 10:37

Surely I can't be the only person who's experienced this problem? I know it happened with earlier versions but the advice for those isn't relevant to 4.x.x

Please, can somebody give me some advice on this?

Jan 28, 2012 13:30

Hello! Am I the only person in this forum? :)

Jan 29, 2012 00:12

So to be short, you click on "forgot password", enter your user name and get an email with a link to backoffice to reset the password, where "Basic users" don't have access.

If that's correct, it's a bug and you may need to edit the email template.

Jan 29, 2012 12:12

sam2kb wrote:

So to be short, you click on "forgot password", enter your user name and get an email with a link to backoffice to reset the password, where "Basic users" don't have access.

If that's correct, it's a bug and you may need to edit the email template.

Thank you for your reply. You have summarised it correctly.
Since this is a new installation of the latest version of b2evolution, I'm at a bit of a loss to know:
a) why it doesn't work "out of the box" as it's been developed to this stage for several years.
b) just which module do I need to modify and with what?

Hope you can point me in the right direction.
Thanks again.

Feb 03, 2012 05:27

Edit this code in /htsrv/login.php

PHP

// Add Message to change the password:
$Messages->addT_'Please change your password to something you remember now.' ), 'success' );
 
// Note: the 'core.changepwd.request_id' Session setting gets removed in b2users.php
 
// Redirect to the user's profile in the "users" controller:
// TODO: This will probably fail if the user has no admin-access permission! Redirect to profile page in blog instead!?
// redirect Will save $Messages into Session:
header_redirecturl_add_param$admin_url'ctrl=users&user_ID='.$ForgetfulUser->ID'&' ) ); // display user's profile
/* exited */
break;

Make it look like this, replace 1 with your default blog ID

PHP

// Add Message to change the password:
$Messages->addT_'Please change your password to something you remember now.' ), 'success' );
 
// Note: the 'core.changepwd.request_id' Session setting gets removed in b2users.php
 
$BlogCache = & get_BlogCache();
$Blog $BlogCache->get_by_ID(1);
if( $Blog )
{
    $changepwd_url url_add_param$Blog->gen_blogurl(), 'disp=pwdchange&reqID='.$reqID );
}
if( empty( $changepwd_url ) )
// redirect to admin change password form 
    $changepwd_url url_add_param$admin_url'ctrl=users&user_ID='.$ForgetfulUser->ID'&' );
}
 
// Redirect to the user's profile in the "users" controller:
// TODO: This will probably fail if the user has no admin-access permission! Redirect to profile page in blog instead!?
// redirect Will save $Messages into Session:
header_redirect$changepwd_url ); // display user's profile
/* exited */
break;

Feb 03, 2012 05:28

This bug is fixed in b2evolution v5

Feb 03, 2012 11:22

Many, many thanks. Will make the changes when I resume work on Monday.

Ken


Form is loading...

powered by b2evolution free blog software – This forum is powered by b2evolution CMS, a complete engine for your website.