Bulk generate forgotten password links

(James Cook) #1

I have a situation where I transferred to a new forum, but communication on my part wasn’t great and a lot of my members didn’t realise they’d still have accounts at the new website.

All they had to do was reset their passwords, but I have 200 accounts where they didn’t know or didn’t bother doing this. Essentially I lost 200 members overnight.

I’m now sending out an email campaign targeting these members asking them to come back to the forum. What would be really nice is if I could include the forgotten password link in the email I send them, rather than making them jump through hoops to get to it.

My audience are generally in the 45-65 age range, so what may seem simple for some of us isn’t necessarily simple for them and they may just not bother. Basically I want to make it super simple for them to get back on the forum.

Is there any way to bulk generate those forgotten password links that I can then include in my email campaign?

Thanks a bunch! :banana:


I did something a bit different.

Many of the user accounts in my forum traversed four different forum migrations and passwords and e-mail accounts have since been lost/expired. I wrote a snippet of code to set all the passwords for those users to their e-mail addresses. While this isn’t the most secure method–I assume that most of my members don’t know each others’ e-mail addresses.

I ask my members to login with their username and email on file and to update their e-mail addresses if the email no longer exists.

Here’s the code I used if you’re interested.

I also set the users’ bounce scores high so the system wouldn’t try to e-mail old e-mail accounts that may no longer exist. In my case, I lost all passwords from the date of migration, 9/22.

You need to be in rails console. That last line, user.email_tokens.destroy_all allows the user to login without confirming their email address.

users = User.where("last_seen_at < '2016-09-22'");
users.each do |user|
  puts "#{user.id} #{user.username} #{user.email}";
  user.password = user.email;
  user.active = true;
  user.user_stat.bounce_score = 30;

(James Cook) #3

Thanks very much for the response. This sounds like a simpler way to go. Do you know what would happen if any of these users logged in using Google or Facebook and I reset their passwords manually? What would happen if they decided to log in?

I’m only asking because it may just be that some of them didn’t bother coming back (the subject area changed slightly) and not that they were unable to log in.

(James Cook) #4

You mentioned that you asked them to update their email addresses if they no longer existed, but how would you be emailing them asking them to do that if the email no longer existed? Did I miss something? :smiley:


As long as email addresses in Discourse matches the email in the auth service, logging in via FB or Google should work fine even with this update. Discourse ignores a users email and matches the authorized email from the service.

You might want to take care to exclude any users that have already reset their passeords.

Concerning informing people, I post a public announcement letting people know the steps to login. :slight_smile:

In your case, you can bulk email them. I ran into major issues with bounce mails so I had to turn emailing off.

(James Cook) #6

Ahh fair enough. I did post a public announcement too, but for whatever reason some people just didn’t read it or didn’t bother. I also setup a 301 redirect from old domain but it obviously wasn’t enough!

I weeded out the inactive accounts when moving over, so everyone’s emails should hopefully be up to date.

I will go ahead and reset their passwords how you suggested and go from there. Thanks for your help!

(Jay Pfaffman) #7

You can also globally pin the how to set your password topic.

(James Cook) #8

Thanks, will do that too.

(Jay Pfaffman) #9

Another thing that you can do to get a notification to everyone is @mention @everyone with a link to 301 Moved Permanently . If you don’t want to blast everyone, you can make a group with just the people you’re concerned about.

(Jeff Atwood) #10

Er… what? How would that work?

(Jay Pfaffman) #11

If I understand him correctly, people are signed up with their actual email address and just need to reset the password. @mention will send an email to them and /password-reset will let them enter their email address to get a new password with minimal “hoops.”

(Jeff Atwood) #12

Do you mean @name mentioning every one of hundreds of users, individually? You know there is a limit of allowed mentions per post, yes?

(Jay Pfaffman) #13

No, I meant to use @everyone (you know, the group with everyone in it) or create a group with the people he thought he’d lost and @mention it.

(Jeff Atwood) #14

It is not possible to mention @everyone because that would be insane.

(Jay Pfaffman) #15

Well, yeah, there’s that. I thought it would work, see?

But I don’t get the “you’re about to notify an insane number of people” message, so I guess it wouldn’t work. Still, creating a group of all the people might be a feasible solution to his problem.

(Felix Freiberger) #16

Mentioning @everyone is not possible and cannot be allowed :thumbsdown:
Mentioning @trust_level_0 can be allowed in settings and has the same effect :thumbsup:
(This discrepancy doesn’t make sense…)

The French @everyone is not working