We were recently upgraded and since the upgrade have been having issues with people trying to recover passwords. I thought the error was mine, as the email sent when requesting password reminder did not actually contain the password, but after doing some searching have read that this is a security "fix" in this version. I also read to have folks redirected to reset password page, rather than resend password since it is not stored, but how can they reset password if they have forgotten in in the first place? I have people email me directly and I go in a set a temporary password, which I then email to them so they can log in and manually reset, but this is not a good fix. What am I missing here? If they can no longer retrieve password via the "Forgot your password" link, and they cannot reset without entering their current password (which they have forgotten) what are they supposed to do? Thank you for your help!
Hello, Current password is not necessary at all to reset password. Do you mind to contact us in helpdesk? We will check what is wrong with your installation: https://www.amember.com/support Best Regards.
As a test I used your forgot password link here on this website, to see how it works, then saw the "sendpass" text and searched that... I changed the email that we send for forgot password to the following link: http://www.toletown.com/amember/login?sendpass but it gets sent to them exactly like that... the email I got from your website had extra characters on the end. So, when they click the link it just takes them in a circle, back to the page they just came from.
You need to use placeholder %url%. aMember replace this placeholder with actual link with secret token. User can use this link and set new password.