1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password retrieval?

Discussion in 'XenForo Pre-Sales Questions' started by HydraulicJack, Sep 25, 2010.

  1. HydraulicJack

    HydraulicJack Well-Known Member

    If a user has registered but forgets their password, how do they retrieve or reset it?
  2. Trevor

    Trevor Active Member

  3. Brandon_R

    Brandon_R Guest

    Can we disable that we can type a user's name? It's public info and anyone can send password resets to admins etc. It isn't a security issue just can become an annoyance.
  4. HydraulicJack

    HydraulicJack Well-Known Member

  5. OperaManiac

    OperaManiac Well-Known Member

    mmm. password reset mails are send to users not admins! the new passwords are generated automatically and admins are not involved in any way!
  6. dutchbb

    dutchbb Well-Known Member

    The link is showed after you filled in a wrong password or username/mail:

  7. Brandon_R

    Brandon_R Guest

    I must of not explained myself clearly, it happens lol. Can we disable typing in a username in the reset form and only enable an email to to typed in?

    go to the form and see how it is and you can see how it is now.
    Anthony likes this.
  8. OperaManiac

    OperaManiac Well-Known Member

    i just tested it out. it seems like any other password request form i have seen on the web!

    it does not show a dropdown with matching user names which i feared you were talking about.

    having both username and email id is a good thing imo.

    if a user lands on your forum... he might not remember the email id he used to register on the forum. so username comes handy.

    i actually know a couple of people who do not use their primary email id for forums.

    they would use something like:


    this works fine because gmail would still send the mail to username@gmail.com but since it has the keyword in it, you can easily filter the emails based on that parameter.

    the reason behind using this form of email id is that you can recognize the company that sold your email id to spammers if you start getting spam on it!
  9. Floris

    Floris Guest

    Even if someone fake resets it, they don't have access to your email, so nothing to reset.
  10. OperaManiac

    OperaManiac Well-Known Member

    righto. nothing happens as long as the user does not click a link in the mail that is delivered to the user.

    i actually have seen some services that would send you a new password on this step! i cannot pinpoint any specific one at this time but yeah there are definitely some services out there!
  11. HydraulicJack

    HydraulicJack Well-Known Member

    Hmm seems like we should have the option to show the forgot password link without the user taking that step.
    Some people arrive knowing that they don't know their password so they don't enter any.
    I already have one prospective user who tripped up on that and so did I!
  12. Brandon_R

    Brandon_R Guest

    Cool. Thank you for explaining it to me. I appreciate it.
  13. Trevor

    Trevor Active Member

    No problem.
    If you entered your password wrong, you would have found it.
    HydraulicJack likes this.
  14. HydraulicJack

    HydraulicJack Well-Known Member

  15. James

    James Well-Known Member

    Does gmail still have this? We can add the +whateverwewant and it still goes to our e-mail?
  16. OperaManiac

    OperaManiac Well-Known Member

  17. James

    James Well-Known Member

    Yeah, just tried. Gmail filters basically any characters that they disallow it seems?
  18. OperaManiac

    OperaManiac Well-Known Member

    cannot say about any other character. but . is pretty commonly used. :)
  19. Erik

    Erik Well-Known Member

    Not exactly. Periods ('.') are filtered such that you can add them in an address and it won't affect anything. example.user@gmail.com is effectively the same as exampleuser@gmail.com or e.x.a.m.p.l.e.u.s.e.r@gmail.com.

    You can append strings to the address using the plus character ('+'), and any email sent to this address will be received by the original account. For example, you can do exampleuser+anythinghere@gmail.com. The email will be received as if it was sent to exampleuser@gmail.com. However, the to: header still shows exampleuser+anythinghere@gmail.com, which allows you to do some powerful filtering within Gmail. :)
    James likes this.
  20. OperaManiac

    OperaManiac Well-Known Member

    mmm this is what i said above!

    what i meant was that u cannot use + in the place of . and . in the place of +!

    the +xyz trick is mentioned above!

Share This Page