Discussion in 'XenForo Pre-Sales Questions' started by HydraulicJack, Sep 25, 2010.
If a user has registered but forgets their password, how do they retrieve or reset it?
Uh, simple: http://xenforo.com/community/lost-password/
Can we disable that we can type a user's name? It's public info and anyone can send password resets to admins etc. It isn't a security issue just can become an annoyance.
Thanks Trevor! Seems like that link should be available in the log in screen.
Maybe I just overlooked it.
Where did you find it?
mmm. password reset mails are send to users not admins! the new passwords are generated automatically and admins are not involved in any way!
The link is showed after you filled in a wrong password or username/mail:
I must of not explained myself clearly, it happens lol. Can we disable typing in a username in the reset form and only enable an email to to typed in?
go to the form and see how it is and you can see how it is now.
i just tested it out. it seems like any other password request form i have seen on the web!
it does not show a dropdown with matching user names which i feared you were talking about.
having both username and email id is a good thing imo.
if a user lands on your forum... he might not remember the email id he used to register on the forum. so username comes handy.
i actually know a couple of people who do not use their primary email id for forums.
they would use something like:
this works fine because gmail would still send the mail to email@example.com but since it has the keyword in it, you can easily filter the emails based on that parameter.
the reason behind using this form of email id is that you can recognize the company that sold your email id to spammers if you start getting spam on it!
Even if someone fake resets it, they don't have access to your email, so nothing to reset.
righto. nothing happens as long as the user does not click a link in the mail that is delivered to the user.
i actually have seen some services that would send you a new password on this step! i cannot pinpoint any specific one at this time but yeah there are definitely some services out there!
Hmm seems like we should have the option to show the forgot password link without the user taking that step.
Some people arrive knowing that they don't know their password so they don't enter any.
I already have one prospective user who tripped up on that and so did I!
Cool. Thank you for explaining it to me. I appreciate it.
If you entered your password wrong, you would have found it.
Does gmail still have this? We can add the +whateverwewant and it still goes to our e-mail?
yeap. you can in fact use . in your user id and it works!
Yeah, just tried. Gmail filters basically any characters that they disallow it seems?
cannot say about any other character. but . is pretty commonly used.
Not exactly. Periods ('.') are filtered such that you can add them in an address and it won't affect anything. firstname.lastname@example.org is effectively the same as email@example.com or firstname.lastname@example.org.
You can append strings to the address using the plus character ('+'), and any email sent to this address will be received by the original account. For example, you can do email@example.com. The email will be received as if it was sent to firstname.lastname@example.org. However, the to: header still shows email@example.com, which allows you to do some powerful filtering within Gmail.
mmm this is what i said above!
what i meant was that u cannot use + in the place of . and . in the place of +!
the +xyz trick is mentioned above!
Separate names with a comma.