Elgg password reset

Hi, I am facing an issue with Elgg login. Whenever I logout from the website, the password is expiring and I have to reset to new password every time, so that I can login.

  • Probable this URL could help you http://learn.elgg.org/en/stable/design/security.html and while you are in the administrator panel, maybe you could create a second administrator user with different password just in case you ever lose the first admin..

  • Thanks for the response. This page doesn't list out my exact issue. Also, the example I mentioned above, that a user is facing this, they are already a second admin. But still, when they logout, they are not able to login again with same password. They had to reset password and login every time.

     

    Is there any config on the backend needs to be changed? Or is there a setting in Elgg website to change?

  • there is nothing in Elgg which does this. In default Elgg the only way a password changes is if the user requested a new password (and clicks the confirm link), if the user changes the password on their settings page or if an admin resets their password (which then send the new password in an e-mail to the user).

    There is no mechanism which changes your password on login or logout.

    Do you have any 3rd party plugins enabled which could influence this behavior? Maybe a one-time-use password plugin?

  • Hello, thanks for the response. I am still facing this issue where, when I logout, the existing password doesn't let me in. I have to reset password and login again. I have checked the user password, login, logout Elgg core PHP files. But nothing is changed. 

    Can you let me know how to fix this?

  • There are a few thing that could help debug the problem:

    • Enable the Developer Tools plugin
    • On the admin side you can then go to Develop -> Inspect -> Actions
    • is the 'logout' action '/actions/logout.php'?
    • Also check Develop -> Inspect -> Events
    • are there any events registered to 'logout, user' or 'logout:before, user' or 'logout:after, user'?
  • Yes, the developer tools plugin is activated. Please check below details as you asked.

    And yes, 

    logout vendor/elgg/elgg//actions/logout.php

     

    login:after, user 500 \ColdTrick\GroupTools\Membership::autoJoinGroupsLogin
    login:before, user 500 Elgg\UserValidationByEmail\User::preventLogin
    999 Elgg\Users\Validation::preventUserLogin
  • You gave the 'login' events, are there any 'logout' events?

    If not then I no idea what the issue is. I've never encountered anything like that.

  • There is nothing on the logout event except this. That's why I haven't shared above. I also checked the elgg core files login, logout and register php files, and I don't see any changes there.

    register, menu:topbar 500 Elgg\Menus\Topbar::registerUserLinks
    500 Elgg\Menus\Topbar::registerLogoutAs
  • Hello, I know there is not a solution here, but can I know what are the core elgg files I need to check for login, logout and user register? I would like to double confirm if nothing has been changed there