_validateResetPasswordLinkToken in the Account Controller:
    $customerToken = $customer->getRpToken();
    if (strcmp($customerToken, $resetPasswordLinkToken) != 0 || $customer->isResetPasswordLinkTokenExpired()) {
        throw Mage::exception('Mage_Core', $this->_getHelper('customer')->__('Your password reset link has expired.'));
    }
Which in turn calls: isResetPasswordLinkTokenExpired
    /**
     * Check if current reset password link token is expired
     *
     * @return boolean
     */
    public function isResetPasswordLinkTokenExpired()
    {
        $resetPasswordLinkToken = $this->getRpToken();
        $resetPasswordLinkTokenCreatedAt = $this->getRpTokenCreatedAt();
        if (empty($resetPasswordLinkToken) || empty($resetPasswordLinkTokenCreatedAt)) {
            return true;
        }
        $tokenExpirationPeriod = Mage::helper('customer')->getResetPasswordLinkExpirationPeriod();
        $currentDate = Varien_Date::now();
        $currentTimestamp = Varien_Date::toTimestamp($currentDate);
        $tokenTimestamp = Varien_Date::toTimestamp($resetPasswordLinkTokenCreatedAt);
        if ($tokenTimestamp > $currentTimestamp) {
            return true;
        }
        $dayDifference = floor(($currentTimestamp - $tokenTimestamp) / (24 * 60 * 60));
        if ($dayDifference >= $tokenExpirationPeriod) {
            return true;
        }
        return false;
    }
SUGGESTIONS
Double check server time and Magento time zones.
It may be wise to batch the old plaintext passwords and update them to a more standard Magento password to be safest as well.
EDIT
Instead of reinventing the wheel, a quick Google search turned up a possible candidate to reset the passwords. Source: http://www.christopherhogan.com/2012/02/01/script-to-reset-all-customer-passwords-in-magento/
    <?php
    /************************
     * / '_ __/_ _/_
     * ()()/(-( /( ()(/(-
     * _/
     * since 2007
     *
     * Created by Foundco
     * All rights reserved unless otherwise specified under contract.
     * http://www.foundco.com/
     * @author Christopher Hogan <mailing address removed>
     * @copyright 2012 and beyond.
     ******************************/
    error_reporting(E_ALL | E_STRICT);
    $mageFilename = 'app/Mage.php';
    if (!file_exists($mageFilename)) {
        echo $mageFilename." was not found";
        exit;
    }
    require_once $mageFilename;
    Varien_Profiler::enable();
    Mage::setIsDeveloperMode(true);
    ini_set('display_errors', 1);
    umask(0);
    Mage::app();
    $passwordLength = 10;
    /****
    If you are just resetting one customer by customer_id:
    ****/
    //$customer_id = 10;
    //$customers = Mage::getModel('customer/customer')->getCollection()->addAttributeToFilter('entity_id', array('eq' => $customer_id));
    /****
    If you are resetting all customers:
    ****/
    $customers = Mage::getModel('customer/customer')->getCollection();
    /****
    Now loop through the customers and create the passwords
    ****/
    $line = array(); // initialise so implode() below also works for an empty collection
    foreach ($customers as $customer) {
        // Random password from Magento's own generator instead of one derived
        // from the e-mail address plus three digits, which is easy to guess.
        $password = $customer->generatePassword($passwordLength);
        // $customer->sendNewAccountEmail();
        $customer->setPassword($password)->save();
        $line_data = $customer->getEmail(). "\t". $customer->getPassword();
        $line[] = $line_data;
        echo $line_data."\n";
    }
    $content = implode("\n", $line);
    // store all the passwords to a file:
    // (the file holds plaintext passwords; keep it out of the web root and delete it after use)
    file_put_contents('./accounts.csv', $content);
    echo "COMPLETE!";
    ?>
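
The expiry check quoted in the answer above, together with its suggestion to double check server time and time zones, as an added example that is not part of the original answer or of Magento's code. It is a stand-alone copy of the day arithmetic that runs without Magento; the function name, the assumption that both values are UTC strings, and all sample timestamps are constructed for illustration.

```php
<?php
/**
 * Explain why the expiry arithmetic accepts or rejects a token.
 *
 * @param string $createdAt  token creation time, 'Y-m-d H:i:s' (assumed UTC)
 * @param string $now        current time in the same format (assumed UTC)
 * @param int    $periodDays configured expiration period in days
 * @return string 'valid' or the reason the token counts as expired
 */
function explainTokenExpiry($createdAt, $now, $periodDays)
{
    if (empty($createdAt)) {
        return 'expired: no creation time stored';
    }
    $utc = new DateTimeZone('UTC');
    $tokenDate = new DateTime($createdAt, $utc);
    $currentDate = new DateTime($now, $utc);
    $tokenTs = $tokenDate->getTimestamp();
    $currentTs = $currentDate->getTimestamp();

    // Same branch as "$tokenTimestamp > $currentTimestamp" in the quoted method:
    // a creation time ahead of "now" is treated as expired straight away.
    if ($tokenTs > $currentTs) {
        return 'expired: created in the future (clock or time zone skew)';
    }
    // Only whole days count, so a period of 1 means "less than 24 hours old".
    $dayDifference = (int) floor(($currentTs - $tokenTs) / (24 * 60 * 60));
    if ($dayDifference >= $periodDays) {
        return "expired: $dayDifference full day(s) old, limit $periodDays";
    }
    return 'valid';
}

// Constructed cases: label => [created_at, now, period in days]
$cases = array(
    'fresh token'                => array('2024-05-01 10:00:00', '2024-05-01 10:05:00', 1),
    'stored two hours ahead'     => array('2024-05-01 12:00:00', '2024-05-01 10:05:00', 1),
    '23h59m old'                 => array('2024-05-01 10:00:00', '2024-05-02 09:59:00', 1),
    'exactly 24h old'            => array('2024-05-01 10:00:00', '2024-05-02 10:00:00', 1),
    'period configured as 0'     => array('2024-05-01 10:00:00', '2024-05-01 10:05:00', 0),
);
foreach ($cases as $label => $c) {
    echo str_pad($label, 28), explainTokenExpiry($c[0], $c[1], $c[2]), "\n";
}
```
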
It happened again. I got the solution less than 1 hour after posting the question.
But before posting it I want to say that this looks like a Magento bug to me.
Customers should be able to change their password even if the customer settings have been changed.
The obvious thing to do is to remove the line (and other ones related to it)
    $validationErrorMessages = $customer->validate();
from the Mage_Customer_AccountController::resetPasswordPostAction.
I don't think a full validation is required here since we are changing only the password.
All the other fields can be changed once the customer gets access to his account. (FOR WHICH HE NEEDS A PASSWORD)
But I didn't remove that, in case there is another reason that I'm missing.
Here is what I did just for this particular case.
Since I only need to skip this validation on the recover password page, I observed the event controller_action_predispatch_customer_account_resetpasswordpost and just registered a value.
    <events>
        <controller_action_predispatch_customer_account_resetpasswordpost>
            <observers>
                <[namespace]_[module]>
                    <class>[namespace]_[module]/observer</class>
                    <method>skipDobValidation</method>
                </[namespace]_[module]>
            </observers>
        </controller_action_predispatch_customer_account_resetpasswordpost>
    </events>
and the observer method looks like this:
    public function skipDobValidation($observer) {
        Mage::register('skip_dob_validation', true);
        return $this;
    }
And I've overwritten the validate method in the customer model. I didn't find an event for it.
Basically it looks the same as in Mage_Customer_Model_Customer except for this part.
    if ($attribute->getIsRequired() && '' == trim($this->getDob())) {
        $errors[] = Mage::helper('customer')->__('The Date of Birth is required.');
    }
In my class it looks like this:
    $skipDobValidation = Mage::registry('skip_dob_validation');
    if (!$skipDobValidation) {
        if ($attribute->getIsRequired() && '' == trim($this->getDob())) {
            $errors[] = Mage::helper('customer')->__('The Date of Birth is required.');
        }
    }
Best Answer
I found the solution on another question and noticed that customers were also not able to log in without doing a password reset. So I did research and came across this post - Customer Login Doesn't Work in 1.9.
I added this line to the login.phtml file:
and then pasted
after
Now customers can log in after being logged out and customers can also reset their password as well!