System generated customer password reset doesn't work

[macaldecourt]

Hello,

 

We are running PrestaShop 1.6.1.3

 

We have customers who use the "forgot password" link and when they receive a system generated password to unlock their account, the system won't accept it all.  They have to call in and I reset the password from the admin back panel.

 

So, basically the reset password function is utterly useless to us.  The customer has to call anyway. 

 

Is there a fix for this??? 

 

Thank you,

Megan Caldecourt 

[macaldecourt]

Hello,

 

Thank you for your reply.  How does setting the delay higher solve the problem?  Is the password expiring before they get a chance to use it? 

 

Right now it is set to 3 minutes.

 

Thank you,

Megan Caldecourt

[mcaldecourt]

That makes sense!  Thanks much for the information.  I have reset the delay and hopefully the problem is resolved.  Great when there is an easy fix!   

[Chandler123]

I'm experience same problem with Prestashop 1.7.3,  password reset delay set to 360 but password reset link is expiring in few seconds. None of our customers are able to reset the password, Any help please?

 

 

 

[mcaldecourt]

Hello,
I am still running 1.6, so I don't know exactly how to solve your problem, since you have the new platform.  But we finally had a developer change the system completely so that it would e-mail the customer with a link to a page where they would enter the new password and it would reset immediately.  We were still having all kinds of complaints before we made that change.

Someone gave us a link to this module: https://addons.prestashop.com/en/website-security-access/29907-simple-password-reset.html which I think will essentially do the same thing.  I have not tried it on our website yet, but I plan to.  

Hope that helps.
Megan

[Moryl]

On 7/11/2018 at 12:23 AM, Chandler123 said:

I'm experience same problem with Prestashop 1.7.3,  password reset delay set to 360 but password reset link is expiring in few seconds. None of our customers are able to reset the password, Any help please?

 

 

 

Hello Candler,
did you solved your problem? I'm experiencing the same problem. Hope you can help me.
Thanks in advice!

[tlakdev]

This prestashop product has a lack of support and contains many bugs, I can't believe something as simple as a password reset does not work.

Anyhow, after tracking the issue, it appears that prestashop successfully generates a reset token and reset expiry, also can send out the email but...

Fails to save the record to the database, then provides a obscure message stating if the email exists then you have a link, that is fine as probably they want to hide usernames from someone trying to abuse the system, but when the issue is internal, there should be a clear message stating, hey, all worked fine but I was not able to save the record because xyz.

 

In my case it was this

'siret'      => array('type' => self::TYPE_STRING, 'validate' => 'isGenericName'),

and had to change it to this

'siret'      => array('type' => self::TYPE_STRING, 'validate' => 'isGenericName', 'required' => false),

But the message never states the field is missing, moreover, how is a customer supposed top update that required value (which maybe a newly required value) if the customer can't even access his/her account?

In my opinion, prestashop developers should, before working any further in this product, make the very basic functions work properly, and make them independent of any other functions, a password reset should NOT require any other fields to exists, even if they are required.

 

 

[Digital Human]

#Solution

1) Open  PasswordController.php

2) Goto line 74. Paste the below code (Reset to nothing) just below: 

$customer->stampResetPasswordToken();

//Reset to nothing
$customer->passwd = $this->get('hashing')->hash($password = md5(random_bytes(1024)), _COOKIE_KEY_)

3) Make sture that: $customer->update(); comes right after the line above.

Should work now.

 

Edited March 10, 2020 by Digital Human (see edit history)

[AlexLm]

Hi everyone, do you guys know if it is possible to invite all my customers in my database to retrieve their passwords ? I just imported my customers database and I did set a new password for them so I want them to set their own password

[AlexLm]

Will it make them reset passwords ? I need to send them a mail allowing them to directly reset their password

[AlexLm]

I already have a system that allows me bulk send emails to my existing clients. The only thing I cannot include is a link to allow my clients to reset their password and I cannot find any related topic...

[Arthur BraaiBQ]

On 3/10/2020 at 12:36 PM, Digital Human said:

#Solution

1) Open  PasswordController.php

2) Goto line 74. Paste the below code (Reset to nothing) just below: 

$customer->stampResetPasswordToken();

//Reset to nothing
$customer->passwd = $this->get('hashing')->hash($password = md5(random_bytes(1024)), _COOKIE_KEY_)

3) Make sture that: $customer->update(); comes right after the line above.

Should work now.

 

Hi

All my mail is working fine from the website (user reg, order emails etc)- the only thing that is NOT working is the password reset - no email is sent to the user. The frontend says the password reset was successfully sent though.

Tried the code you pasted above but it just breaks my password reset page. I'm using Prestashop 1.7.7.3

Any idea where I should look to as far as this problem goes? 

Thanks

[kungmats]

On 3/29/2013 at 7:10 PM, tdr170 said:

I posted this above the trick is to know the correct path from you host to the cgl-bin folder which should be in the root of your directory.

The file that need to be edited is the PHP.ini file and is possibly accessible from your control panel if not then call your host again and ask them to set the sessions.save_path in the PHP.ini file.

Thank you very much!

This helped me after struggling for hours with the same problem.

The only difference was I made an update from 1.7.8.8. to 8.0.1

🤩