: Can the password recovery function of Drupal be configured to only ask for email address? (I originally asked this question in webapps.stackexchange.com.) By default, in Drupal, when we provide
(I originally asked this question in webapps.stackexchange.com.)
By default, in Drupal, when we provide a "set new password" form, the form asks for either a site username or an email address. If the user provides either a username or email address associated with a valid account, they get an email (at that address) with a link that allows them to set a new password.
We'd like to ensure that all of our users are using a current email address, and to that end we'd like to turn off the ability to put in a username. When the user puts in a username, it may send a message to an old email address but return a "We're sending you email" to the user. If they put in an email address which we don't have, it gives them an error message, which alerts them to the fact that they haven't kept us up to date (and makes them get in touch with us by email).
Can we restrict that to only ask for email?
More posts by @Looi9037786
1 Comments
Sorted by latest first Latest Oldest Best
If you are asking whether this can be configured in the administrative backend, then no, you cannot do this, the respective functionality is currently hard coded within user_pass_validate().
However, you are probably aware already that one of Drupals strength is the relative ease in which it can be programmatically customized or extended via modules. I'm not aware of an existing one doing just this (though one might exist eventually, the respective list related to User access/authentication is pretty huge), but here is what a developer could do:
Customizing and Overriding User Login page, Register, and Password Reset in Drupal 6
This deals with the UI side of things, i.e. following the explanation and providing alternate forms as desired (see Form API Quickstart Guide) would allow to remove the hint on entering the username already, though it could still be successfully entered for those in the know.
To actually turn off the ability to put in a username one would need to override the existing form validation function user_pass_validate() with a custom copy that simply skips the respective check, i.e. remove the code which tries to load the account by name (see section Validating Forms within Form API Quickstart Guide for a starting point).
For a more detailed answer (i.e. a usable implementation, if you are lucky) I need to refer you again to yet another Stack Exchange site: you might ask for this via the Drupal tag on Stack Overflow ;)
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.