We are hoping to change our forgot password setup to send the user a token instead of a password in the email. We are using SendCredentials to send the token to the user. Once the token is sent, the user clicks on the link and is logged back in (using LoginEx2).
The challenge we are having is to allow the user to reset their password, the API (UpdateLogin) requires their current temporary password. From what I can tell, there is no method to get the temp password from the token to send it back to the API.
I might be missing something, but I've been spinning wheels on this for a few days.
Is there a method to let the user reset the password without passing the temp one in? Or is there a different method we should be using? Any info on this would be appreciated.
Thanks,Patrick
So, I think the way to do this is:
1) sendCredentials
2) LoginEx2 (with the token from the email)
3) getVariables to grab the old password
4) UpdateLogin
It seems like 4 API calls is a bit of effort just to reset the password. Is there a different method that anyone would recommend?
That was the quickest way to do it as far as I could see. I am sure that some sort of custom call would be a million times more efficient.
We have just noticed that this functionality changes in V12.
The password is no longer stored in Session Variables.
The Updatelogin script, however, will allow the old password to be blank for sessions that have used the login token.Looks like we need to change out update password page to askthe user to enter their old password.
Mark