Password Reset Form and legacy users

[flattmatt]

Hello
We can't be the only people with this issue - but all of our 5.5 legacy users cannot receive the password reset form if their username is not an email address.
So, if I'm Bob Smith, and my username is bsmith - when I attempt to use the password reset form, it says it sent an email to 'bsmith' and I never receive an email.

This is pretty important as we have increased the password strength on our new site and many of the customers need to use this reset form.

Any ideas or anybody else fixed this problem?
Thanks!

[mazhar]

What is your application version? Also make sure your SMTP settings are working. Just tried this on my local 7.0.3 install, password reset Email sent and received properly.

[flattmatt]

Thanks for the reply
PLATFORM: ASP.NET
VERSION: 7.0.3
BUILD: 12458
MSSQL v2008
AC SCHEMA v2000

When you say you tried it - you used a legacy name with no email for the username?

It still doesn't work for us, and we have an added problem - if I go in and change one of these "no email" username's email, I receive this message:

* The given email address is not registered.

So basically one gives me a success message (old username that is not an email) but I receive no email.

The other one gives me this error once I log into the account and change the email address (not the username)

I'm sure our SMTP settings are working - as if I log in as a user that has email (user@domain.com) for the username, I receive the reset form each time.

This is really causing alot of headaches and money loss, as people are not placing orders until they email or call us - or get scared something is wrong with our site and just leave.

Thanks

[jmestep]

I see the problem in the loginDialog.ascx.cs
If you enter a user name that is not an email address, it gives you an error "The given email address is not registered."
and you can't go any further because it is looking for a user with the method
UserCollection users = UserDataSource.LoadForEmail(ForgotPasswordUserName.Text);
I made a change in the code and was able to get past that, but you would need to test and see if it creates other problems- it didn't seem to. I've commented out a couple of lines and added one.

Code: Select all

 protected void ForgotPasswordNextButton_Click(object sender, EventArgs e)
    {
        if (Page.IsValid)
        {
            User user = null;
            //UserCollection users = UserDataSource.LoadForEmail(ForgotPasswordUserName.Text);
            user = UserDataSource.LoadForUserName(ForgotPasswordUserName.Text);
            //if (users.Count != 0) user = users[0];
            if (user != null && user.IsApproved)
            {
                user.GeneratePasswordRequest();
                ForgotPasswordPanel.Visible = false;
                EmailSentPanel.Visible = true;
                EmailSentHelpText.Text = string.Format(EmailSentHelpText.Text, user.Email);
            }
            else
            {
                if ((user != null) && (!user.IsApproved)) DisabledUsernameValidator.IsValid = false;
                else ForgotPasswordUserNameValidator.IsValid = false;
            }
        }
    }

I'm going to post a bug on this. We have worked on a site coming from an Able 3 CFM store and importing the users from a membership database they have and all their user names are all the last name of the customer, so they would have a possibility of 60,000 members who couldn't get a password email.

[flattmatt]

Genius!

Well - that fixed both of my issues as described above - seems to work - I'll keep an eye out for any issues, but I tested several different scenarios, and it works great. I even get the actual confirmation that says "user@domain.com" instead of just "user"

Thank You - and I'm glad you are reporting this, as it has cost us manually resetting about 1500 or so usernames so far, who knows how many phone calls, and lost sales as people just didn't get why their usernames didn't work - at least now they can reset them.

I can now add a message onto the form to alert people to just reset the password if they keep getting the user/password error.

Thanks!

[flattmatt]

Found a new problem now related to this. Here is some code from my password reset email response template:

Code: Select all

<p>If you did not request to have your password reset, you can safely ignore this email. We assure you that your customer account is safe.</p>                          <p>The user name associated with your email address is <strong>$customer.UserName</strong></p>    

The $customer.UserName should return the username - but it returns the email address for these customers. The form is supposed to tell me my username and link me to reset my password. All it does is tell me my email address - no help if I forgot my username.

This doesn't look as easy to fix, as this is more backend AC 7 code - right? Is there another variable to use to retrieve the actual username? That should be easy....

[mazhar]

Well if you didn't specified Email address for user name then it should display correct user name. Please have a look at the ac_Users table and make sure that what is value of user name field for account where Email address is being returned for user name property.

[jmestep]

Matt, I sent an email to myself yesterday after changing my username from an email address, and my forgot password email came thru with the username OK. Is the data in your table OK?
Try adding a new user, then changing the username to a non-email address and then doing the lost password request.

[flattmatt]

Hi
Well, it appears to work now - it's even working with an old user. The problem I was having was with the Reset form (not the reminder). I tried pasting the call for the username from the Reminder form - that didn't work, so I changed it back and now it works... (I don't think anybody else touched it...) I'm stumped but happy!
Thanks for all the help!