There is something strange with Lost password option which we encountered after installation of OJS2.4.7-1.
If user forgets the password, he/she can request from OJS to reset password by sending the corresponding link by email message. By clicking this link the user is redirected to the page where new password can be entered. But the problem is that the systems also asks for the old password to be entered before changing it?! This looks illogical since users ask for the new password because they forgot the old one.
Could this be a problem of erroneous installation of OJS247-1 ?
I would like here to explain the problem in more details.
We upgraded recently the OJS237 version into OJS247-1 version. During the upgrade, various tpl files were not correctly upgraded. We sorted out a lot of issues and now the system works more-less well.
Now we are facing the problem during password reset by the user.
This is how the procedure works in correctly installed system:
- user clicks “Forgot your password” link.
- system sends a Password request confirmation link to the user’s email address
- By clicking the link in the email new password is generated and sent to the user’s email address
- using this newly generated password the user logs in and on the page “/login/changePassword/username” chooses the new password.
In our system there is no step 3 and system jumps immediately from step 2 to step 4. The same page is displayed here but with slightly different URL: “/login/resetPassword/username?confirm=…”.
I would appreciate very much if somebody could help us to figure out what the problem is.
Are you quite sure the incorrect upgrade was limited only to the template files you found? The recommended upgrade method using the first option “Full Package” helps to avoid some of the pitfalls of partial upgrades such as you describe.
If you don’t have any local modifications or unintentional code changes, you might also be describing the difference between the “traditional” and the “1-step” password reset method.
This is toggled in:
User Home → Site Administrator → Site Settings → Use a single step for password resets?
In the traditional password change method, a link is emailed, and if the user clicks on the link, a new password is emailed.
In the 1-step method, a link is emailed, and if the user clicks on the link, they will see a form where a new password can be entered.
Thank you very much for your response.
Yes, we had some problems with upgrading since we wanted to keep our website appearance. In fact, this was a nightmare. Our developer modified several tpl files and wanted to keep them in the upgraded version. Now the system works more-less properly except some bugs, like this one, occasionally pop up.
I’ve tried to find the traditional/1-step password reset on the location you explained but I was unable to find it?! There are several fields in Site Settings starting with Form language and ending with Metadata harvesting registration. Do I miss something?
But I really do not have it. There are a couple of fields missing:
This should be a part of 2.4.7-1:
I strongly recommend re-running the upgrade using the “Full Package” method, and then reapplying any customizations you deem important on top of the stock install. It looks like you are still out-of-sync with the base package.
Thank you very much for this help !
I reinstalled all tpl files in templates/admin folder and now it works perfectly.
I knew it was the problem with tpl files but I did not know which one.