Direct password resets by admin / moderator /staff?


#1

I’ve looked around and this question comes up a few times but without a clear answer as far a I can see.

Would it be possible to allow an admin/moderator/staff to do a direct password reset on behalf of the user without the email re-activation procedure?

So, users asks for a password reset by direct email / Facebook message to the forum administrators.
Admin/moderator/staff goes into /admin, sets a password for the users and emails / Facebook messages the password back to the user.

I have a converted forum that does not have the original passwords for the converted users and a lot of users have issues with the current password reset method (email messages get flagged as spam or simple do not arrive at all).
The proposed direct password reset method would be a big help.


(Sam Saffron) #2

This needs fixing first, seems like you are just trying to sweep the problem under the carpet.

Reset password function needs to be bullet proof. Is email setup right on your instance, dkim etc.


#3

To clarify, the email problems I mentioned are at my current (phpBB) forum, probably partly caused by having an uncommon domain name (.community).

The requested functionality for password resets by admin/moderator/staff users will still be really useful once I’ve migrated to Discourse in order to assist the current and older returning users with accessing their migrated account at Discourse.


(Kane York) #4

Here’s an alternative: if you set it up, and they have a social login (Google, Facebook, Yahoo) where the email matches the email on the account, they will be able to log in using that without resetting their password.

(This won’t work with Twitter, because they don’t provide the email.)


(Sam Saffron) #5

What I support here is an admin button on users admin to issue a password reset email. Its a reasonable feature to have and saves you opening a second, anon browser window.


Suggestion: ability to send password reset emails from the Admin page of a user
#6

That’s really interesting I didn’t know about that feature.
Will this always work as long as the email address matches?
What if the user has already reset his/her password, will they still be linked to a social login with the same email address?