Magento – Mass email customers for a password reset

_validateResetPasswordLinkToken in the Account Controller:

$customerToken = $customer->getRpToken();
if (strcmp($customerToken, $resetPasswordLinkToken) != 0 || $customer->isResetPasswordLinkTokenExpired()) {
    throw Mage::exception('Mage_Core', $this->_getHelper('customer')->__('Your password reset link has expired.'));
}

• http://svn.magentocommerce.com/source/branches/1.9/app/code/core/Mage/Customer/controllers/AccountController.php

Which in turn calls: isResetPasswordLinkTokenExpired

/**
 * Check if current reset password link token is expired
 *
 * @return boolean
 */
public function isResetPasswordLinkTokenExpired()
{
    $resetPasswordLinkToken = $this->getRpToken();
    $resetPasswordLinkTokenCreatedAt = $this->getRpTokenCreatedAt();

    if (empty($resetPasswordLinkToken) || empty($resetPasswordLinkTokenCreatedAt)) {
        return true;
    }

    $tokenExpirationPeriod = Mage::helper('customer')->getResetPasswordLinkExpirationPeriod();

    $currentDate = Varien_Date::now();
    $currentTimestamp = Varien_Date::toTimestamp($currentDate);
    $tokenTimestamp = Varien_Date::toTimestamp($resetPasswordLinkTokenCreatedAt);
    if ($tokenTimestamp > $currentTimestamp) {
        return true;
    }

    $dayDifference = floor(($currentTimestamp - $tokenTimestamp) / (24 * 60 * 60));
    if ($dayDifference >= $tokenExpirationPeriod) {
        return true;
    }

    return false;
}

• http://svn.magentocommerce.com/source/branches/1.9/app/code/core/Mage/Customer/Model/Customer.php

SUGGESTIONS

Double check server time and Magento time zones.

It may be wise to batch the old plaintext passwords and update them to a more standard Magento password to be safest as well.

EDIT

Instead of reinventing the wheel a quick google search turned up a possible candidate to reset the passwords. Source: http://www.christopherhogan.com/2012/02/01/script-to-reset-all-customer-passwords-in-magento/

<?php
/************************
 *    / '_ __/_   _/_
 * ()()/(-( /( ()(/(-
 *   _/              
 *       since 2007
 *
 * Created by Foundco
 * All rights reserved unless otherwise specified under contract.
 * http://www.foundco.com/
 * @author Christopher Hogan <mailing address removed>
 * @copyright 2012 and beyond.
 ******************************/


error_reporting(E_ALL | E_STRICT);
$mageFilename = 'app/Mage.php';
if (!file_exists($mageFilename)) {
    echo $mageFilename." was not found";
    exit;
}
require_once $mageFilename;
Varien_Profiler::enable();
Mage::setIsDeveloperMode(true);
ini_set('display_errors', 1);
umask(0);
Mage::app(); 

$passwordLength = 10;

/****
  If you are just resetting one customer by customer_id:
****/

//$customer_id = 10;
//$customers = Mage::getModel('customer/customer')->getCollection()->addAttributeToFilter('entity_id', array('eq' => $customer_id));

/****
  If you are resetting all customers:
****/

$customer_id = 10;
$customers = Mage::getModel('customer/customer')->getCollection();

/****
  Now loop through the customers and create the passwords
****/

foreach ($customers as $customer){
    // $customer->generatePassword($passwordLength)
    // $customer->sendNewAccountEmail();
        $password = strtoupper(substr( $customer->getEmail(), 0, 3)).rand(111,999);
        $customer->setPassword($password)->save();
        $line_data = $customer->getEmail(). "\t". $customer->getPassword();
        $line[] = $line_data;
        echo $line_data."\n";
}
$content = implode("\n", $line);

// store all the passwords to a file:
file_put_contents('./accounts.csv', $content);
echo "COMPLETE!";
?>

I had the same, but a second error message appeared which said that a required field is not filled out. In general: when anything goes wrong when saving the customer, the said error message "Your password reset link has expired" shows up. So, pay attention to any additional error messages showing up or in your log files.

If you want to find out what's happening in detail, go to the file "app/code/core/Mage/Customer/controllers/AccountController.php" and modify the method resetPasswordPostAction temporarily. Inside the } catch (Exception $exception) { directive, add Mage::logException($exception);. After you have seen the error again, you can find the real error message in the file var/log/exception.log.