[ABD] Email Only Password Reset

Any abandoned Extensions will be moved to this forum.

WARNING: Extensions in this forum are not currently being supported or maintained by the original Extension author. Proceed at your own risk.

martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

[ABD] Email Only Password Reset

Post by martti »

Extension Name: Email Only Password Reset
Author: martti
Extension Description:
By default in a phpBB board you need to provide both username and email to reset your password. With this extension enabled you need only to give your email address.

Only users with a unique email address in the database will be able to have a new password sent. It is recommended to check beforehand if all email addresses are unique. If you left the configuration option "Allow email address re-use" in the ACP (General > Board configuration > User registration settings) at the default "false" on your board, this will be the case.

Extension Version: 0.1.0
Requirements: phpBB 3.2+, PHP 7+
Extension Download: https://github.com/marttiphpbb/phpbb-ex ... master.zip The files are to be put in ext/marttiphpbb/emailonlypasswordreset
Github repository: https://github.com/marttiphpbb/phpbb-ex ... swordreset
Languages: en
Templates: prosilver
Last edited by martti on Thu Apr 25, 2019 4:25 pm, edited 3 times in total.
Toxyy
Registered User
Posts: 942
Joined: Mon Oct 24, 2016 3:22 pm
Location: Namek
Contact:

Re: [3.2][BETA] Email Only Password Reset

Post by Toxyy »

Can you add option for username or email? That would have it incorporate all scenarios a user would want.
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

Some of my extensions:
[3.3][BETA] Post Form Templates || [3.3][BETA] Anonymous Posts || [3.2][3.3][BETA] ACP Merge Child Forums || [3.2][BETA] Sticky Ad || [3.2][DEV] User Delete Topics || [3.3][DEV] Moderate While Searching || [3.3][RC] Short Number Twig Extension
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Email Only Password Reset

Post by martti »

Toxyy wrote: Fri Jun 08, 2018 3:42 am Can you add option for username or email? That would have it incorporate all scenarios a user would want.
I thought of that, but then I let it go because it might become an instrument of attack. A robot or person can just read the usernames from the board.

For those who are ok with the risk I could make another extension for this scenario. It's just a small modification from this extension and then I don't need to add configuration. Both extensions are then simple and focused.

Did you test the extension?
Toxyy
Registered User
Posts: 942
Joined: Mon Oct 24, 2016 3:22 pm
Location: Namek
Contact:

Re: [3.2][BETA] Email Only Password Reset

Post by Toxyy »

martti wrote: Fri Jun 08, 2018 5:30 am
Toxyy wrote: Fri Jun 08, 2018 3:42 am Can you add option for username or email? That would have it incorporate all scenarios a user would want.
I thought of that, but then I let it go because it might become an instrument of attack. A robot or person can just read the usernames from the board.

For those who are ok with the risk I could make another extension for this scenario. It's just a small modification from this extension and then I don't need to add configuration. Both extensions are then simple and focused.

Did you test the extension?
Wouldn't they just be able to do that if this extension is disabled anyways? I'm not quite sure it matters if the reset always goes to the user's email.

No I haven't, I can tomorrow.
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Email Only Password Reset

Post by martti »

Toxyy wrote: Fri Jun 08, 2018 3:42 am Can you add option for username or email? That would have it incorporate all scenarios a user would want.
I have started another extension for this: Username Or Email Password Reset.
colinshead
Registered User
Posts: 104
Joined: Sun Mar 29, 2015 11:37 am

Re: [3.2][BETA] Email Only Password Reset

Post by colinshead »

Hi Martti

Extension seems to work fine, but functionality not much of an improvement in my view on the standard phpBB Forgot Password arrangement. Users still end up having a two-step process (activate plus login with a random password). I find that many of my users struggle with this forgot password arrangement, as many have very limited IT skills, and longish random passwords are a bit daunting!

Could not the extension offer the following functionality:

User clicks the Forgot Password link

Ext sends an e-mail containing a link, which when clicked takes the user to a Password Reset screen.

The Password Reset screen allows the user to enter a new password (twice to ensure accuracy), then the user clicks submit and is immediately redirected to the normal login screen, where he/she can log in to the board.

Obviously the password entered should be constrained to the password complexity settings in ACP. Might also be worth including a CAPTCHA test before 'Submit' becomes active, to prevent robot attempts.

I think this arrangement would be entirely secure, unless the user's e-mail account has itself been compromised, in which case the user has more to worry about than a board password reset!

All the best

Colin
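
The link-based reset proposed in the post above, combined with the first post's rule that only a unique email address gets a reset, as an added example that is not part of the original thread and is not phpBB's or the extension's code. The names `request_reset`, `redeem_token` and `TOKEN_TTL` and the in-memory arrays are assumptions made for illustration; it needs PHP 7.1 or later.

```php
<?php
declare(strict_types=1);

// Constructed sample data: arrays stand in for the users table and a token table.
$users = [
    ['id' => 1, 'email' => 'alice@example.org'],
    ['id' => 2, 'email' => 'shared@example.org'],
    ['id' => 3, 'email' => 'shared@example.org'],
];
$tokens = []; // sha256(raw token) => ['user_id' => int, 'expires' => int]

const TOKEN_TTL = 3600; // assumed link lifetime in seconds

/** Returns the raw token to put in the e-mailed link, or null when nothing is sent. */
function request_reset(array $users, array &$tokens, string $email, int $now): ?string
{
    $matches = array_values(array_filter($users, function (array $u) use ($email): bool {
        return strcasecmp($u['email'], $email) === 0;
    }));
    if (count($matches) !== 1) {
        return null; // unknown or non-unique address; the page shown stays the same
    }
    $raw = bin2hex(random_bytes(32)); // 256-bit token from the CSPRNG
    $tokens[hash('sha256', $raw)] = [ // only the hash is stored server-side
        'user_id' => $matches[0]['id'],
        'expires' => $now + TOKEN_TTL,
    ];
    return $raw;
}

/** Returns the user id allowed to set a new password, or null. A token works once. */
function redeem_token(array &$tokens, string $raw, int $now): ?int
{
    $key = hash('sha256', $raw);
    if (!isset($tokens[$key])) {
        return null;
    }
    $entry = $tokens[$key];
    unset($tokens[$key]); // single use; an expired entry is dropped as well
    return $entry['expires'] >= $now ? $entry['user_id'] : null;
}

// Usage: a unique address, a shared address, then the same token redeemed twice.
$now = time();
$raw = request_reset($users, $tokens, 'alice@example.org', $now);
var_dump(request_reset($users, $tokens, 'shared@example.org', $now) === null);
var_dump(redeem_token($tokens, $raw, $now));
var_dump(redeem_token($tokens, $raw, $now));
```

The caller should show the same confirmation page whether or not `request_reset` returned a token, so the form does not reveal which addresses are registered.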
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Email Only Password Reset

Post by martti »

colinshead wrote: Thu Feb 07, 2019 2:43 pm Hi Martti

Extension seems to work fine, but functionality not much of an improvement in my view on the standard phpBB Forgot Password arrangement. Users still end up having a two-step process (activate plus login with a random password). I find that many of my users struggle with this forgot password arrangement, as many have very limited IT skills, and longish random passwords are a bit daunting!

Could not the extension offer the following functionality:

User clicks the Forgot Password link

Ext sends an e-mail containing a link, which when clicked takes the user to a Password Reset screen.

The Password Reset screen allows the user to enter a new password (twice to ensure accuracy), then the user clicks submit and is immediately redirected to the normal login screen, where he/she can log in to the board.

Obviously the password entered should be constrained to the password complexity settings in ACP. Might also be worth including a CAPTCHA test before 'Submit' becomes active, to prevent robot attempts.

I think this arrangement would be entirely secure, unless the user's e-mail account has itself been compromised, in which case the user has more to worry about than a board password reset!

All the best

Colin
That would be something for another extension as it is other functionality. My philosophy is that extensions should do only one thing. (But I don't have plans to make this one)
trilo
Registered User
Posts: 22
Joined: Tue Mar 01, 2016 7:04 pm
Name: Trilo Byte
Contact:

Re: [3.2][BETA] Email Only Password Reset

Post by trilo »

Any chance of this being submitted for review and released? It sounds like a perfect piece of functionality (thank you). Most times when one of my users forgets their password, they also can't remember their username... and they never think to search the memberlist before filling out the contact form to ask for help.

The usual process (as I've observed) seems to be: get the wrong pw and try again (a few times hehe). Then they try the forgot password link, but can't remember the username/email combo. Then they try creating a new account and find that the email address is in use. User then fills out the contact form and friendly neighborhood admin looks up the username for them.

Letting people request a reset email using just the email address that's registered will save several steps for users and hopefully eliminate the need for admin assistance on that issue.

I'm happy to install and test on a beta site, but would prefer not to use pre-release extensions on production site if I can avoid it.

Thanks in advance!
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Email Only Password Reset

Post by martti »

trilo wrote: Thu Feb 28, 2019 7:30 am Any chance of this being submitted for review and released? It sounds like a perfect piece of functionality (thank you). Most times when one of my users forgets their password, they also can't remember their username... and they never think to search the memberlist before filling out the contact form to ask for help.

The usual process (as I've observed) seems to be: get the wrong pw and try again (a few times hehe). Then they try the forgot password link, but can't remember the username/email combo. Then they try creating a new account and find that the email address is in use. User then fills out the contact form and friendly neighborhood admin looks up the username for them.

Letting people request a reset email using just the email address that's registered will save several steps for users and hopefully eliminate the need for admin assistance on that issue.

I'm happy to install and test on a beta site, but would prefer not to use pre-release extensions on production site if I can avoid it.

Thanks in advance!
In some weeks I will be using this on my live board and then the plan is that after a while it will go to RC.
janus_zonstraal
Registered User
Posts: 6418
Joined: Sat Aug 30, 2014 1:30 pm

Re: [3.2][BETA] Email Only Password Reset

Post by janus_zonstraal »

I think it is now the standard in phpBB 3.2.5 (only email address)
ucp.php?mode=sendpassword
Sorry! My English is bat ;) !!!
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Email Only Password Reset

Post by martti »

janus_zonstraal wrote: Sat Mar 02, 2019 11:03 pm I think it is now the standard in phpBB 3.2.5 (only email address)
ucp.php?mode=sendpassword
Ah yes, indeed. I thought I read that somewhere. So this extension is not needed anymore.
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: [3.2][BETA] Email Only Password Reset

Post by 2600 »

Yeah, I just came here to say that. phpBB now requires an email address for password reset.
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Email Only Password Reset

Post by martti »

As this functionality is now in the core of phpBB since 3.2.5 this extension is discontinued.