Closed syberknight closed 6 years ago
anybody? nobody?
manager/controllers/default/security/login.class.php
. Line 226 generates the new password through modUser->generatePassword which accepts a $length parameter, but that isn't passed. The default password length in that case would be 10 though, not 8. thanks Mark-H. fyi, sottwell & BobRay came up with a workaround for now @ https://forums.modx.com/thread/100064/forgot-password-length-too-small#dis-post-541202
Issue fixed in a general but there are also some new issues opened with more detailed cases according to respecting system settings values. Closing it now. Feel free to reopen if needed.
xpost @ https://forums.modx.com/thread/100064/forgot-password-length-too-small#dis-post-541129
i've discovered (after getting all the complaints & having to fix manually all the people who's having this problem) that the "Forgot Password" option auto-generates an 8 character password. but it never works to sign-in with because i have all my validation set to 10 characters.
i would prefer not to have to drop my password registration/login validation to 8 characters, but if there's no solution, i realize i'll have to.
so i went hunting first & found in the System Settings > Core listing a couple parameters that seem to me should fix this to my preference... but they aren't working. they are... Password Auto-Generated Length "password_generated_length" which defaults to "8" (https://rtfm.modx.com/revolution/2.x/administering-your-site/settings/system-settings/password_generated_length) Minimum Password Length "password_min_length" which also defaults to "8" (https://rtfm.modx.com/revolution/2.x/administering-your-site/settings/system-settings/password_min_length)
so i changed them to 11 & 10 respectively. but the forgot password emails STILL are only sending 8 character passwords.
am i missing something? thanks!!!
fyi: using Revolution 2.4.3-pl & the Login extra 1.9.2-pl.