
Allowing Users to Reset Their Passwords

Invariably, users will forget the password that they entered when they created their account on your site. Provided that their e-mail address is still valid, the Windward E-Commerce System can send a customer a special link that they can use to reset their password.

Step 1: Send user_password_auth action

The first step is to give the user a link that sends the e-commerce system the user_password_auth action when clicked. Place this link near the login form that you show the user so that they can easily find it when they realize that they no longer remember their password. An example of such a link appears below:

 <a href="<ww:my_url>&action=user_password_auth">Forgot your password? Click here!</a>

Step 2: Create the password request form

The next step is to display a form to the user to let them enter either their username or e-mail address. This form is stored as user_passwordkey_request_form and should be visible under the User section of the Appearance menu of the site admin page. The form field that the user enters their username or e-mail address into should be named user, and the form should submit the user_password_auth_submit action.

 <ww:form_header>
    <input type="hidden" name="action" value="user_password_auth_submit">
    User Name: <input name="user" type="text" size="24" maxlength="24">
    <input name="Submit" type="submit" value="Submit">
 </form>

Provided that the username or e-mail address is valid, the e-commerce system will send an e-mail to the user that contains a link that they can either click or copy and paste into the location bar of their web browser. The link returns the customer to your web site where they can enter a new password.

Under the hood, when the e-commerce system receives a password reset request it writes a special key to the database that tells the e-commerce system that the user has permission to reset their password. Without this key, a user cannot change their password.

Step 3: Create the password reset form

The password reset form is called user_password_reset_form and should be visible under the User section of the Appearance menu in the site admin program.

The form that must be displayed to the user is more complicated than the password reset request form: it must send the action user_reset_password_submit, and the request must include the password reset key (assigned to the user when they submitted their password reset request). The field for this value should be hidden and named 'key'. In addition, the form needs to give the user two fields: the first lets them enter their new password, and the second confirms that the value entered in the first has no typos. These fields should be named 'password' and 'confirm' respectively.

 <ww:form_header>
    <input type="hidden" name="action" value="user_reset_password_submit">
    <input type="hidden" name="key" value="<ww:password_reset_key>">
    New Password: <input name="password" type="password" size="24" maxlength="24">
    Confirm Password: <input name="confirm" type="password" size="24" maxlength="24">
    <input name="Submit" type="submit" value="Submit">
 </form>

The e-commerce system checks to ensure that the password and confirm fields match and that the password reset key is valid. Provided these conditions are true, it writes the new password to the user's record in the database and they should be able to log in to their account.
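The key handling described in Steps 2 and 3, sketched in Python as an added example: this is not Windward's code, and the page does not document how the e-commerce system generates, stores or expires the key. The one-hour lifetime, hashed key storage, single-use behaviour, the in-memory dictionaries standing in for the database, and the function names are all assumptions.

```python
import hashlib
import secrets
import time

KEY_TTL = 3600                      # assumed lifetime in seconds; the page states none
reset_keys = {}                     # sha256(key) -> (user, expires_at); stands in for the database
passwords = {"alice": "old-hash"}   # constructed sample user record


def _digest(key):
    # Store only a hash of the key so a database leak does not expose usable links.
    return hashlib.sha256(key.encode()).hexdigest()


def hash_password(password):
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + dk.hex()


def request_reset(user, now=None):
    """Handle user_password_auth_submit: issue a key if the account exists."""
    now = time.time() if now is None else now
    if user not in passwords:
        return None                  # the caller should render the same page either way
    key = secrets.token_urlsafe(32)  # unguessable value carried in the e-mailed link
    reset_keys[_digest(key)] = (user, now + KEY_TTL)
    return key


def submit_reset(key, password, confirm, now=None):
    """Handle user_reset_password_submit: check the key, password and confirm fields."""
    now = time.time() if now is None else now
    if password != confirm:
        return "mismatch"            # key is not consumed, so the user can retry a typo
    entry = reset_keys.pop(_digest(key), None)   # pop makes the key single-use
    if entry is None:
        return "invalid_key"
    user, expires_at = entry
    if now > expires_at:
        return "invalid_key"         # expired keys are rejected and already removed
    passwords[user] = hash_password(password)
    return "ok"
```
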

faq/ecomm_password_reset.txt · Last modified: 2008/02/07 11:11 (16 years ago) by admin