Hello, Is there any way to disable the lost password feature for specific accounts? Someone keeps trying to submit a lost password request for one of our site admin accounts. I realize that the email comes to us so they never get the link to reset it, but I still don't like that they can submit it in the first place. So is there any way to modify the send password files so that it ignores let's say the username "admin" and maybe others?
There is not such standard option. You can alter this behaviour in code directly. Please edit file amember/application/default/controllers/AdminAuthController.php and in method sendSecurityCode as the first line add the following code: Code: if ($admin->login == 'admin') return;
Hello, Unfortunately, that's not working. I have the first few lines of the method like this: private function sendSecurityCode(Admin $admin) { if ($admin->login == 'admin') return; $security_code = $this->getDi()->app->generateRandomString(16); $securitycode_expire = sqlTime(time() + self::EXPIRATION_PERIOD * 60 * 60); And when submitting a lost password for "admin" the email is still sent.
Do you tried to restore password for admin with login 'admin'? It should works for sure. Please contact us in helpdesk I will help you to troubleshoot it.
Hello, I didn't test that, I was looking for a way to avoid the email going out altogether. Is there no way to block that?
Do you want to disable this feature for all admins? In this case replace if ($admin->login == 'admin') return; with return;
Hello, No, I want to do it for specific usernames, I don't want any email to go out or be able to reset the password through amember for these users. Your fix is just blocking it from being reset, but how do we also prevent the email from being sent?
Hello, I stated above exactly how and where I entered the code, and how I tested it. 1. I entered the code that you gave me in the location that you gave me like this: private function sendSecurityCode(Admin $admin) { if ($admin->login == 'admin') return; $security_code = $this->getDi()->app->generateRandomString(16); $securitycode_expire = sqlTime(time() + self::EXPIRATION_PERIOD * 60 * 60); 2. I then when to the lost password page and submitted the username "admin" 3. I still receive an email saying that a lost password request was submitted. So that code is not stopping the email from being sent.
It should works properly if you applied code to correct place. Please contact us in helpdesk with this issue. I will check what can be wrong.
Hello, It does NOT work. I have detailed exactly what I've done above. I wouldn't be posting if the code you provide worked. Our server is very locked down, and I cannot provide ftp access. Here is the entire function: private function sendSecurityCode(Admin $admin) { if ($admin->login == 'admin') return; $security_code = $this->getDi()->app->generateRandomString(16); $securitycode_expire = sqlTime(time() + self::EXPIRATION_PERIOD * 60 * 60); $et = Am_Mail_Template::load('send_security_code_admin', null, true); $et->setUser($admin); $et->setUrl(sprintf('%s/admin-auth/change-pass/?s=%s', $this->getDi()->config->get('root_url'), $security_code) ); $et->setHours(self::EXPIRATION_PERIOD); $et->send($admin); $this->getDi()->store->set( self::SECURITY_CODE_STORE_PREFIX . $security_code, $admin->pk(), $securitycode_expire ); }
As you can see aMember send email ($et->send($admin)) below line if ($admin->login == 'admin') return; but if condition is true code below this line is not executed (email is not send). I tested it on my local install and it works for me. Please contact us in helpdesk if you want that we troubleshoot it.