Password Reset - Quick Nasty Fix
Posted: Tue May 03, 2011 3:06 am
As we all know, the password reset feature in ISC leaves a little to be desired.
After a lot of testing I can confirm that the most likely cause of your customers not being able to successfully login with their new password is this:
The customer selects, copies and pastes the new password that was emailed to them into the website. When they select the password there is a trailing space that almost always gets automatically selected. The website wont allow them to login because technically the password they have copied is incorrect.
Its actually quite fiddly to select ONLY the password and not the extra trailing space. (see screenshot - password.png)
THE EASY FIX:
Edit your language file (located in: /language/en/front_language.ini)
Find the following line:
change to:
After you have made this change, customers will be able to select JUST the password, without the trailing space.
Ideally, some smart cookie at Interspire will see this post and realize that the website login code should be stripping whitespace from the beginning and end of any password entered into the site (as well as sanitising the password for security reasons) - This would solve this issue properly. Until then, this fix will certainly help.
After a lot of testing I can confirm that the most likely cause of your customers not being able to successfully login with their new password is this:
The customer selects, copies and pastes the new password that was emailed to them into the website. When they select the password there is a trailing space that almost always gets automatically selected. The website wont allow them to login because technically the password they have copied is incorrect.
Its actually quite fiddly to select ONLY the password and not the extra trailing space. (see screenshot - password.png)
THE EASY FIX:
Edit your language file (located in: /language/en/front_language.ini)
Find the following line:
Code: Select all
ForgotPasswordEmailConfirmed = "Your new customer account password at %s is <b>%s</b>"Code: Select all
ForgotPasswordEmailConfirmed = "Your new customer account password at %s is <b>%s</b><br>"Ideally, some smart cookie at Interspire will see this post and realize that the website login code should be stripping whitespace from the beginning and end of any password entered into the site (as well as sanitising the password for security reasons) - This would solve this issue properly. Until then, this fix will certainly help.