user forgot password or password lost

Discussion in 'Installation/Configuration' started by Sergio Cesar, May 19, 2018.

  1. Sergio Cesar

    Sergio Cesar New Member

    How can my users recover a lost or forgot email password?
    I try from the ispconfig 3 login screen using the email address again as the user name and I get this:
    The lost password function is not available for this user.
    What exactly one would enter as user name? or email address? it would not work to send an email with a recovery link to the same address they can not login and a security risk to send to any other not preset email address.
    I have tried the old forgot_password plugin from roundcube But it did not work.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you mix up user passwords with email addresses here as ispconfig client logins are not related to roundcube. The password reset function is for the ispconfig client password, you enter the username of the client here and his email address, the one from client settings, if both match, then he will receive a password reset request.
     
  3. Sergio Cesar

    Sergio Cesar New Member

    Perhaps I have mixed it up. if the password reset function is for the the ispconfig user and not email, the question still persists.
    How can my users recover a lost or forgot email password?
    I am evaluating the possibility to move all my customers to ispconfig, some 1000 or so and the most common request is "How do I reset the password" If i dont provide a forgot password link somewhere I will do nothing but reset forgetful people's passwords.
     
  4. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    unless the client can register email accounts only, he can reset the passwords as he wishes.
    if a user needs a password for his email account from the client, you need to hack a association for yourself and auth as client via api to change password for one of clients email accounts.
    if the client needs his password to login on ISPConfig to change his email account password where he gets his password recovery on,
    you might want to write a solution like described before but using customers paypal email-adress, if any, or ( optional additional field or abusing the outdated icq field ) force clients to enter an external email adress for this cases which is then to be used.
     
  5. Sergio Cesar

    Sergio Cesar New Member

    In short.... There is no way for a user to recover a lost or forgotten password unless I hack ispconfig script and write my own?
    I am very surprised that no one ever asked for such common and very necessary feature.
    The only problem in hacking to fit my needs is that potentially every ispconfig update or new version I may have to hack it again and under the gun with users screaming they cant use the feature. :oops:

    Many thanks for the info and ideas. will continue digging here.
     
  6. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    hmm no, you don't need to edit ISPConfig in any way. You can use the API.

    and my term of user in the above reply was: "a site visitor on the hosted paged of one of your customers".
    I don't see where your issue is, really?
     
  7. Sergio Cesar

    Sergio Cesar New Member

    My issue is simple. it is a must to provide a way for an email user to recover or reset their email password automatically without admin help.
    One can change passwords via roundcube but no "forgot password link" in the main roundcube page and the plugin available for roundcube that does that does not work on ispconfig.
    You suggest hacking to add the way to do that. unfortunately this is not something I am able to do and maintain.
     
  8. nhybgtvfr

    nhybgtvfr Member

    if someone wants their email password reset, they either have an ispconfig login, in which case they can login and change/reset the password themselves anyway.
    or they're part of a company/group and their email admin at their company should have an ispconfig login, and they would ask them to do it for them.
    if they're an individual, and they've used the same domain for their ispconfig account email address as they have configured as their mail domain within ispconfig, then they (and you) have a problem, they should always have an external email address for their ispconfig account, otherwise how do you send them any domain expired/in redemption notices, or invoices, etc if their domain/account expires/gets suspended.
     
  9. Sergio Cesar

    Sergio Cesar New Member

    If they cant remember their password what is the change they will remember the ispconfig login and password? that does not work too well and I end up getting calls to reset password. Not practical from the admin point of view, besides the need to enter each email user as a ispconfig user.
    That they have a alternate email address is a must, that is what the Roundcube forgot_password plugin does and it works great, The user have control of their alternate address like yahoo or gmail, they request a reset link it can be setup to send the actual password token. I have implemented on another system and my reset pw calls are zero, thus the suggestion here.
     

Share This Page