Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+7 votes
978 views
in Q2A Core by
Hi There,

When somebody wants to reset the login password, the process is somehow complicated.

First, a code is sent to the email. Then, the user should click on the link and a new page comes up that asks for the code. After providing the code, another email is sent with the password. Then, the user should go to email and opens the link to login with the new password. Furthermore, if the user wants to change the system-provided pass, he should go to the profile and change the pass.

This process is complicated for a user. If there anyway I can similify this process?
Q2A version: 1.7.4

2 Answers

+3 votes
by

That's a very good point, and not something I'd really thought about. Sending passwords by email is a bad idea too (it does recommend to change it once logged in, but many users may not do that).

The standard process on most websites is:

  1. Click "forgot password" link.
  2. Enter your email.
  3. Click link in email to a page with password form.
  4. Enter your new password.

I'll look at adding that to Q2A in the future.

by
This is a must-be-changed issue, please give it priority. Thank you Scott. PS: Please get rid of the "insert code" field which confuses the users.
by
This was already implemented and will be in 1.8.
+2 votes
by
I haven't paid much attention at password resets in Q2A before but after doing so, I have to agree with you. It makes no sense to send 2 emails. I created a pull request with some changes to the core that should simplify the process a little bit. Images included :) https://github.com/q2a/question2answer/pull/457
by
Thanks  Bro!
by
PR has been merged into the 1.8 branch so if you update to the latest code in the 1.8 branch you should see this new behaviour.

https://github.com/q2a/question2answer/archive/1.8.zip

Of course, note 1.8 is still in development and has not yet been released.
by
Edit: We should get rid of the "insert code" field. This confuses the users because many think it's their new password!
by
It is not possible to get rid of it because if the user is not able to open the link from their email client (for whatever reason) they have to input it manually. More info here: https://github.com/q2a/question2answer/pull/457#issuecomment-255596647

Anyway, with this in mind I made sure that there shouldn't be any need to input the code if the user clicks the link, making sure it is fetched from the GET array too: https://github.com/q2a/question2answer/blob/dev/qa-include/pages/reset.php#L45
...