Surely I can't be the only person who's experienced this problem? I know it happened with earlier versions but the advice for those isn't relevant to 4.x.x

Please, can somebody give me some advice on this?

Hello! Am I the only person in this forum? :)

So to be short, you click on "forgot password", enter your user name and get an email with a link to backoffice to reset the password, where "Basic users" don't have access.

If that's correct, it's a bug and you may need to edit the email template.

sam2kb wrote:

So to be short, you click on "forgot password", enter your user name and get an email with a link to backoffice to reset the password, where "Basic users" don't have access.

If that's correct, it's a bug and you may need to edit the email template.

Thank you for your reply. You have summarised it correctly.
Since this is a new installation of the latest version of b2evolution, I'm at a bit of a loss to know:
a) why it doesn't work "out of the box" as it's been developed to this stage for several years.
b) just which module do I need to modify and with what?

Hope you can point me in the right direction.
Thanks again.

Edit this code in /htsrv/login.php

// Add Message to change the password:
$Messages->add( T_( 'Please change your password to something you remember now.' ), 'success' );

// Note: the 'core.changepwd.request_id' Session setting gets removed in b2users.php

// Redirect to the user's profile in the "users" controller:
// TODO: This will probably fail if the user has no admin-access permission! Redirect to profile page in blog instead!?
// redirect Will save $Messages into Session:
header_redirect( url_add_param( $admin_url, 'ctrl=users&user_ID='.$ForgetfulUser->ID, '&' ) ); // display user's profile
/* exited */
break;

Make it look like this, replace 1 with your default blog ID

// Add Message to change the password:
$Messages->add( T_( 'Please change your password to something you remember now.' ), 'success' );

// Note: the 'core.changepwd.request_id' Session setting gets removed in b2users.php

$BlogCache = & get_BlogCache();
$Blog = $BlogCache->get_by_ID(1);
if( $Blog )
{
	$changepwd_url = url_add_param( $Blog->gen_blogurl(), 'disp=pwdchange&reqID='.$reqID );
}
if( empty( $changepwd_url ) )
{ // redirect to admin change password form 
	$changepwd_url = url_add_param( $admin_url, 'ctrl=users&user_ID='.$ForgetfulUser->ID, '&' );
}

// Redirect to the user's profile in the "users" controller:
// TODO: This will probably fail if the user has no admin-access permission! Redirect to profile page in blog instead!?
// redirect Will save $Messages into Session:
header_redirect( $changepwd_url ); // display user's profile
/* exited */
break;

This bug is fixed in b2evolution v5

Many, many thanks. Will make the changes when I resume work on Monday.

Ken