Ability to reset forgotten password via a widget
I wanted to bring this particular topic back to the forefront as I think it is an important one. I found a similar post: http://forums.wildapricot.com/forums/308920-archive/suggestions/8830963-forgotten-password-and-widgets and it does not appear that it ever made it to the Wishlist.
I really does present a problem when a member that forgot their password is redirected to the WA website and not back to our website after they click on the link they receive in the email received. The web pages that I have set up in WA are no where close to what I have on my website for our members. I really don't like the fact that they are now outside our website and on the member page within WA.
There should be a way to have the email link redirect back to the log in page on our site, or even to a log in page in WA that then redirects back to a page on my site. I'm sure this probably doesn't make much sense and I should have probably thought through my question a little better before posting it, but I'm getting a lot of people asking where they are once they click the link in the Email. Because we have existing members the easiest thing for me to do was to tell them to click the forgot password link the first time they sign in so that they would have the link sent to them. Now 1100 + members are being redirected out of one website and into another that they are unsure what it actually is.
Again, I hope this request makes sense. Along with the post that I referenced above, hopefully it does. I also wanted to bring it to the Wishlist as it appears others have the same concerns that I do.
It is a problem with us. Please fix with a widget.
Scott Kolar commented
My comment relates specifically to the WordPress (WP) integration and single sign-on service (SSS) implemented in Release 5.4. The integration has worked to keep the user in the WP site except for password reset. Clicking on the "Forgot password" link on the SSS page goes to reset password SSS page. Entering the email address and clicking on "Reset my password" goes to a third SSS page instructing the user to check their email for further instructions. The problem with this page is that, other than checking email, there are no instructions or indications to the user what they should do from this page. The potential for user confusion is compounded by the reset link in the email, which goes to the WA site. Now the user is out of the WP site without with no obvious way to get back and in the WA site with which they aren't familiar. That is what I was hoping this integration would avoid. Can the password reset process be changed to keep the user within the WP site? Could the email link go back to the single sign-on page or could the email contain a code that could be entered in the single sign-on page?
Katie Fritz commented
As a workaround, I have our Wild Apricot home page redirect to our regular website (we use Wild Apricot completely with widgets on a WordPress site).
Good comment, agree.
Forgotten password headaches would be a thing of the past if Wild Apricot integrates OpenID options like Google Yahoo or Facebook. Less of a security hazard because the user doesn't have to create a new password for the site. Additionally the user doesn't have to worry about WA getting hacked as all identities would be managed by a trusted third party.
Thanks for comments, we will take them into account. Not very soon, unfortunately.
Don Willis commented
The simplest answer is to allow, in account settings, the administrators to define the value of Site_URL to be their own designated website url rather than the default from wild apricot. This way whenever the system makes a call to this value - it can point to either the wild apricot site or to the members site.
Since this isn't possible today - we had to over write all system generated emails that reference the site_url macro to reference our actual site url in every membership level. So, if we are stuck with this as our only option - maybe you could just let us edit the automated email that the system generates so that we can over write the value like we have to do on all other letters currently.
Nancy Scanlan commented
The email link should again open in a new window, which will go to the WA site. They reset their password, and the final message should say the password has been reset, and again have a link that says "close window" instead of "Home."
So it would work like this:
Client is on Other Page on different site with login widget.
Click on forgot password.
New window #1 opens, into WA site, with either a header or no header, and no menu, and instructions to enter email and code. Message appears in this same window, with a link to close window (not a link to Home), and a message to close the window. So they can close the window themselves, or click on the close window link or button, but they cannot go anywhere else, because there is no menu. Original window is still open. When they click to close new window #1, they will see original window (Otherr Page).
Member checks their email. Clicks on the email link. New window #2 opens with request for new password.This is like the other window: same or no header, no menu. Member would fill in new password, click on the button, and in this same window would be the message about their password has been changed. Again, instead of the Home link, a click here to close window button or link. They can close the window or click on the button. Window closes, and they see Other Page again. Now they can use the login widget.
You can use this method for people who use widgets, and the method you have now for people who use WA for their website.
But what happens when they receive the email? They will have to click on on email link and it will open WA site, not intended site. This means that email link should also lead to external site page, not WA page.
Nancy Scanlan commented
I have the same problem for our members. This is how it could be fixed:
When they click on the link to reset their password, it should open in a new window. And instead of a link to "home" on the message page about checking your email for the password, the link should close the window (and it should say "close window.") That way they will be taken back to whatever the original window was (with an embedded widget, or to a WA page).
Dmitry Buterin commented
Let me check I understand:
- you are using WA in 'widget mode', embedding it into your existing webpage
- when people use 'forgot password' feature, the email they receive contains a link to a page on your WA site where they reset their password.
- they find it confusing because they have to do it on a website which they do not normally use directly.