tags:

views:

71

answers:

2
Q: 

Drupal reseting user Password

I have a client who is not liking the fact tht he can't see users passwords so he can send them it if they forget it. It's for a small church website. Like most people here I don't think he should be able to seethe password as it is not secure. What I would like to do is give him a button that he can press so that he can direcrley reset a users password and for the new password to be emailed to them. Is there a module that can do this?

+2  A: 

You don't need a module for that, it's built in functionality. The site owner can, just like the users themselves, enter the username or email address on www.example.com/user/password. The user will get a mail with a one-time login link. After following that link, the user can choose a new password.

By the way, tell your client that storing the passwords in plain text is not a good idea. He may be an honest and trustworthy man, but a small security problem could expose all the user's passwords and they will hold him accountable.

marcvangend  2010-02-15 11:16:32
I 100% agree about not storing the password in plain text. I just need to find a compremise.The only problem this way is he can't set the password or the password is not auto generated. We need to hope the end user clicks on the link in the email in the next 24 hours.
James  2010-02-15 12:02:49
I don't see the problem. You can't force end users to use the site anyway. If they don't click that link within 24 hours, so be it. If your site is user friendly and well designed, a user will be able to request a new login link. If the site offers what the users need (content, usability, functionality), they will figure out how to log in and they will come back. If people do not use the site, don't change their passwords, but improve the site.
marcvangend  2010-02-16 09:14:22
A: 

If you want to make a 1 click send new password button, you could do that with a form, that you place in the user's profile.
You can just make output the form that Drupal uses to request a new password (formid = user-pass), and pre fill it with the username and hide the input field, so he only sees a bottom. It would be same effect as going manually typing the user name in the built-in Drupal solution like marcvangend suggests, so this solution would be a bit more user friendly.

googletorp  2010-02-15 12:51:04

related questions

What are some good security questions?
What's a good alternative to security questions?
Protect embedded password
How do you generate passwords?
Should I impose a maximum length on passwords?
How best to generate a random string in Ruby
What is the best way to check the strength of a password?
In a client-server application: How to send to the DB the user's application password?
How does your company manage credentials?
Replacing plain text password for app
How to implement password protection for individual files?
Password generation, best practice
Unique key generation
Generating Random Passwords
Oracle lost sysdba password
How does one decrypt a PDF with an owner password, but no user password?
Storing Windows passwords.
How do I avoid having the database password stored in plaintext in sourcecode?
How do I write Firefox add-on that automatically enters proxy passwords?
How to store passwords in Winforms application?
Two-way password encryption without ssl
Disable browser 'Save Password' functionality
Simple password encryption
Best way to store a database password in a startup script / config file?
Encrypting Passwords