XF 2.2 How to force a password reset on a large group of users?

dougdirac

Active member
I'm getting spam from older inactive accounts. Likely they reused the password somewhere. Is there a way for force a password reset on users that have been inactive for a a given amount of time?

If not in the ACP, then through a DB query?
 
you should be able to do it using batch update users manually. above addon is pretty useful to automate the process to do it regularly.

basically search for users who haven't logged on till x number of days. and then mark those accounts for reset password.
 
you should be able to do it using batch update users manually. above addon is pretty useful to automate the process to do it regularly.

basically search for users who haven't logged on till x number of days. and then mark those accounts for reset password.
Does that then send an email to all of them?
 
So it doesn't automatically send out an email?
That would be my preference.

What's the difference between "User must reset password" versus "User must change password"?
 
it is a bit confusing for me as well. i believe reset password would require user to have access to connected email account so this is better.

second option is more of a precautionary change like you just prefer if they would change their password. this would be kind of useless in case of hacked accounts.


User must change password will force the user to enter their existing password and create a new, different password when they next log in to their account.

User must reset password forces the user to reset their password by responding to a message sent to their registered email address.
 
it is a bit confusing for me as well. i believe reset password would require user to have access to connected email account so this is better.

second option is more of a precautionary change like you just prefer if they would change their password. this would be kind of useless in case of hacked accounts.

Exactly, but no email is sent. To do so add them to a group then send the group an email.

eu1.webp

eu2.webp
 
So it doesn't automatically send out an email?
That would be my preference.

What's the difference between "User must reset password" versus "User must change password"?
In my case, thousands of users had old/bounced emails. Mass emailing might be a bigger headache than it's worth.

I did a forced password reset to over 150k members in Aug 2021, and STILL get a user every week/two that is looking to log back in, but their email is no longer accessible. Those first couple weeks were non-stop. At the 6-month point, 25k users had reset their password.
 
Yeah, I specifically didn't want to send out a mass email. Just have an email triggered when/if they try to log in.
That's exactly what happens, a password reset is automatically sent to their inbox WHEN they visit the site.

DO be sure that ALL accounts can use the "contact us"....XF fails at permissions when it comes to users that fall within the "security lock" parameters. I ended up with a dismissable notice with WHY their password no longer worked, and contact info should their email be no longer accessible.
 
DO be sure that ALL accounts can use the "contact us"....XF fails at permissions when it comes to users that fall within the "security lock" parameters. I ended up with a dismissable notice with WHY their password no longer worked, and contact info should their email be no longer accessible.
Hmm... so how do you do that? I do notice the Contact Us link doesn't work for accounts that got the reset. Also how do I show a notice to just locked accounts.
 
Back
Top Bottom