We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 29059
    • 88 Posts
    hello folks,

    i mentioned this over @ https://forums.modx.com/thread/99941/login-register---404-error?page=3#dis-post-541118
    ...but since it's off-topic from that, i'm creating this new topic.

    i've discovered (after getting all the complaints & having to fix manually all the people who's having this problem) that the "Forgot Password" option auto-generates an 8 character password. but it never works to sign-in with because i have all my validation set to 10 characters.

    i would prefer not to have to drop my password registration/login validation to 8 characters, but if there's no solution, i realize i'll have to.

    so i went hunting first & found in the System Settings > Core listing a couple parameters that seem to me should fix this to my preference... but they aren't working.
    they are...

    so i changed them to 11 & 10 respectively. but the forgot password emails STILL are only sending 8 character passwords.

    am i missing something?
    thanks!!!

    This question has been answered by sottwell. See the first response.

    [ed. note: syberknight last edited this post 8 years, 1 month ago.]
      • 29059
      • 88 Posts
      anyone? no one?
        • 46886
        • 1,154 Posts
        Hmm this is interesting, I guess Revo system settings not being passed to login...
          • 29059
          • 88 Posts
          Quote from: nuan88 at May 03, 2016, 06:22 AM
          Hmm this is interesting, I guess Revo system settings not being passed to login...

          hi Nuan88,

          yeah, i find all the interesting issues, huh?! ;-)

          i am stumped, yet again. i've searched these forums, the modx site, & many many many google results pages. not found anything about this. the only similar things that mention it is that it's there & can be used.

            • 29059
            • 88 Posts
            anybody? nobody? Bob? devs?
            • discuss.answer
              The only thing you can do is hack the Login core/components/login/model/login/login.class.php on line 188 and change that default value.
                  public function generatePassword($length=8) {


              It really should get that default value from the System Settings.
                Studying MODX in the desert - http://sottwell.com
                Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
                Join the Slack Community - http://modx.org
                • 3749
                • 24,544 Posts
                I can confirm that Susan's solution is the best way to do it. The only other way would be to alter the generatePassword() call in line 210 of ForgotPassword.php and that wouldn't affect other possible places where the function is called.

                The good news is that the Login package is very seldom updated, though personally, I wouldn't mind seeing it rewritten from scratch. wink
                  Did I help you? Buy me a beer
                  Get my Book: MODX:The Official Guide
                  MODX info for everyone: http://bobsguides.com/modx.html
                  My MODX Extras
                  Bob's Guides is now hosted at A2 MODX Hosting
                  • 29059
                  • 88 Posts
                  @sottwell: THANK YOU SO MUCH!!! i've changed that & it's working fine.

                  @BobRay: THANK YOU TOO for the confirmation.

                  BUT NOW, how do you guys deal with people who sign up, but don't click the activation link before it expires?
                  do you send them to RE-REGISTER or send them to the FORGOT PWD option?


                  if RE-REGISTER... wouldn't that then conflict with the non-activated account they've already created?

                  if FORGOT PWD... after testing, this option does not "Activate" the user, only resets the password. so how would you get this to also Activate them?

                  i've had my hands full this week'n'last with people who fit this scenario & i'm having to go in & manually "Activate" them AND reset their password.

                  Also, BOBRAY... how viable is your "Subscribe" Extra as a full replacement for the "Login" Extra? does it do all the same features?

                  THANKS!!!
                    • 3749
                    • 24,544 Posts
                    The Register process creates the user, complete with username and password, so if you just manually activate the user, they should be able to log in with their original username and password. so far, I've almost never had to reset anyone's password.

                    Subscribe is mostly just a wrapper for the Login extra's registration process. It doesn't really replace it. It's just intended to make it easier to set up and to add the option of user-selected interests and group membership.
                      Did I help you? Buy me a beer
                      Get my Book: MODX:The Official Guide
                      MODX info for everyone: http://bobsguides.com/modx.html
                      My MODX Extras
                      Bob's Guides is now hosted at A2 MODX Hosting
                      • 29059
                      • 88 Posts
                      Quote from: BobRay at May 05, 2016, 04:58 AM
                      The Register process creates the user, complete with username and password, so if you just manually activate the user, they should be able to log in with their original username and password. so far, I've almost never had to reset anyone's password.

                      Thanks for the reply Bob!

                      yeah, i know i can manually activate users as well as reset their passwords from the Manager. i'm just trying to figure out a way to not have to do that.

                      i had a few issues out-the-gate and had a TON of users i had to do both for. i THINK i've gotten those issues fixed, but it'd still be nice in case there are further problems, if i could just direct people what to do instead of do it myself.

                      i have figured out via testing that if a user fails to click the activation email/link before it expires, that they 'can' simply re-register & do it again just fine. but that poses 2 potential problems that i can see...
                      1) what if they don't use the same information (username/email), then there could be left a dead account in the system; which is only a big deal for my OCD ;-)
                      2) they could decide that it's too much trouble & go away altogether.

                      ideally (i think), there should be some way for either the Forgot Password to be able & activate an account when its link is clicked, or have a separate mechanism/option to resend the activation link if user enters an email address that matches a non-activated account.

                      do you know of a way to accomplish this (within reason)?

                      also, thanks for the info on Subscribe.