{changepwd:reader_slice_id:from_email}

Description

Renders a complete self-service password-reset flow for front-end user (reader) accounts, driven entirely by request parameters. With no parameters it shows a form asking for the e-mail. When the reader submits it, changepwd looks them up by username or e-mail in the reader slice and mails a key link that is valid for two hours. Opening that link shows a new-password form; submitting it changes the password once the key is valid, the two entries match, and the password is at least six characters long. The first parameter is the reader slice ID and is required: if it is not a valid 32-character ID the expression prints nothing. The optional second parameter sets the From and Reply-To address of the reset e-mail; without it the install error-reporting address is used. To set a new password for one named user without rendering any form, use the sibling command changepwdsendmail, which mails the key link and returns 1 on success.

Parameters

reader_slice_id required default (none)

The 32-character ID of the reader slice that holds the front-end user accounts. Front-end users (readers) are looked up here by username or e-mail. If this is not a valid slice ID, the whole expression returns an empty string.

from_email optional default ERROR_REPORTING_EMAIL (install setting)

Sender (From / Reply-To) address for the password-reset e-mail. When omitted, the install's configured error-reporting address (ERROR_REPORTING_EMAIL in config) is used.

Examples

virtual{changepwd:55f9aef0a4d2772a0c2dc31b67f2b9c1:noreply@example.org}

Expected(the same form; reset mails come From noreply@example.org)

Actual

The second parameter sets the From / Reply-To address of the reset e-mail. Without it the install error-reporting address is used. The rendered form looks the same; the address only matters once a reader submits and the key mail is sent.

test{strlen:{changepwd:not-a-valid-slice-id}}

Expected0

Actual0

The first parameter must be a 32-character reader-slice ID. When it is not (here a placeholder), the whole expression returns an empty string, so {strlen:...} is 0. This is the guard that keeps a misconfigured template from printing a stray form.

virtual{changepwd:55f9aef0a4d2772a0c2dc31b67f2b9c1}

Expected(the Forgot-your-password e-mail form)

Actual

Put this on a public page (a view spot or a slice template) and it renders the whole password-reset flow for the reader slice 55f9aef0a4d2772a0c2dc31b67f2b9c1. With no request parameters it shows the first step: a form asking for the e-mail. Output is request-state-dependent HTML, so it is illustrative, not asserted.

virtual{changepwd:55f9aef0a4d2772a0c2dc31b67f2b9c1}

Expected(state 1: the e-mail form)

Actual

One expression drives the whole flow by reading request parameters. No params: the e-mail form (shown here). After submit (aapwd1): it looks the reader up by name or e-mail and mails a two-hour key link. Following that link (aapwd2=key-userid): the new-password form. Submitting it (aapwd3 / aapwd3b): the password is changed if the key is valid, the two entries match, and it is at least 6 characters.

← All expressions