Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.

Q2A forget pass process is too complicated for users

+7 votes
200 views
asked Oct 8, 2016 in Q2A Core by htabar
Hi There,

When somebody wants to reset the login password, the process is somehow complicated.

First, a code is sent to the email. Then, the user should click on the link and a new page comes up that asks for the code. After providing the code, another email is sent with the password. Then, the user should go to email and opens the link to login with the new password. Furthermore, if the user wants to change the system-provided pass, he should go to the profile and change the pass.

This process is complicated for a user. If there anyway I can similify this process?
Q2A version: 1.7.4

2 Answers

+3 votes
answered Oct 15, 2016 by Scott

That's a very good point, and not something I'd really thought about. Sending passwords by email is a bad idea too (it does recommend to change it once logged in, but many users may not do that).

The standard process on most websites is:

  1. Click "forgot password" link.
  2. Enter your email.
  3. Click link in email to a page with password form.
  4. Enter your new password.

I'll look at adding that to Q2A in the future.

commented Sep 20, 2017 by q2apro
This is a must-be-changed issue, please give it priority. Thank you Scott. PS: Please get rid of the "insert code" field which confuses the users.
commented Sep 22, 2017 by Scott
This was already implemented and will be in 1.8.
+2 votes
answered Oct 22, 2016 by pupi1985
I haven't paid much attention at password resets in Q2A before but after doing so, I have to agree with you. It makes no sense to send 2 emails. I created a pull request with some changes to the core that should simplify the process a little bit. Images included :) https://github.com/q2a/question2answer/pull/457
commented Sep 20, 2017 by q2apro
Edit: We should get rid of the "insert code" field. This confuses the users because many think it's their new password!
commented Sep 20, 2017 by pupi1985
It is not possible to get rid of it because if the user is not able to open the link from their email client (for whatever reason) they have to input it manually. More info here: https://github.com/q2a/question2answer/pull/457#issuecomment-255596647

Anyway, with this in mind I made sure that there shouldn't be any need to input the code if the user clicks the link, making sure it is fetched from the GET array too: https://github.com/q2a/question2answer/blob/dev/qa-include/pages/reset.php#L45
...