How to remove Forgot your password? link from login box?

[abrodski]

Hello!

I use SMF 2.0.11
I want to remove Forgot your password? link from login box, so that only the forum admin could assign and change passwords. How that can be done?

[Illori]

why? users can still change their password from their profile if they are alread logged in.

[abrodski]

why? users can still change their password from their profile if they are alread logged in.

Why what? I'm logged in as a user and I don't see an option for a password change. And like I said before, I wish to know how to remove the Forgot your password? link from the login page.

[Kindred]

1- users can change their passwords in their profile.
2- removing the forgot password link is a terrible, terrible idea that will do nothing other than annoy the users ---  and may actually violate some local laws, since it means that a user can lose access to his own account.

[abrodski]

1- users can change their passwords in their profile.
2- removing the forgot password link is a terrible, terrible idea that will do nothing other than annoy the users ---  and may actually violate some local laws, since it means that a user can lose access to his own account.

1. How?
2. I'm just asking a coding question here, not a marketing one or a legal advice.

[Matthew K.]

In good conscious, none of us are going to give you the answer to your question. I fully agreed with Kindred, and this actually might be against the law. It would not be cool to not allow users to change their passwords.

[abrodski]

In good conscious, none of us are going to give you the answer to your question. I fully agreed with Kindred, and this actually might be against the law. It would not be cool to not allow users to change their passwords.

They are not users, but paying customers with a signed contract in hand. They won't have a right to change any passwords. All the passwords they would get from the company (from me in other words).
What Russian law it violates? Show me. Customers shouldn't be able to play with their passwords and especially when someone can have access to their e-mail accounts and could change their passwords, get into the forum and read the confidential information about our clients' cases.

Also, this question was already answered by margarett here:

http://www.simplemachines.org/community/index.php?topic=514208.0

And the reason why I'm asking is because the guy who was asking that question made it so unclear and complicated, so I'm not sure that the answer is the one I need for my question.

P.S. Here's another link. but it was about SMF 1.1

http://www.simplemachines.org/community/index.php?topic=142882.0

[abrodski]

Well, so far what I found out is that I can simply delete the file Sources/Reminder.php and then if someone clicks on the Forgot your password link, then they would just get a blank white browser window. But I think it would be the best to just remove the link itself. Why to mess around with the code? Maybe there's a way to use CSS for that. Anybody has an idea? Why it is a secret? It's illegal in the US to remove that link from the SMF forum? What's immoral about that? If a customer signs a binding contract with a company it can't be immoral to not let him mess around with his credentials. So what the fuss is all about then?

[Sir Osis of Liver]

WTF?  Simple question, simple answer.  It's in Login.template.php, look for 'reminder'.  And fyi, users can change pw in Profile -> Account Settings.

[abrodski]

WTF?  Simple question, simple answer.  It's in Login.template.php, look for 'reminder'.  And fyi, users can change pw in Profile -> Account Settings.

Thank you! What I've found in Login.template.php is this on line 155:

Code Select Expand

<p class="centertext smalltext"><a href="', $scripturl, '?action=reminder">', $txt['forgot_your_password'], '</a></p>

So now I'm not sure whether to delete just the words 'forgot_your_password' or to delete the whole line or what?

Also I can't locate the password change option in Profile when I'm logged in as a user. I went to Permissions in admin panel and chose a user's membergroup and there there's no "V" where it says "Edit account settings". Probably that's why?

[Sir Osis of Liver]

Comment out the entire line -

Code Select Expand



<!--p class="smalltext"><a href="', $scripturl, '?action=reminder">', $txt['forgot_your_password'], '</a></p-->



It's in two places.

[Sir Osis of Liver]

If 'Edit account settings' is disabled in permissions, 'Account Settings' is not displayed in profile menu, member cannot change anything in that menu.

[abrodski]

Comment out the entire line -

Code Select Expand



<!--p class="smalltext"><a href="', $scripturl, '?action=reminder">', $txt['forgot_your_password'], '</a></p-->



It's in two places.

Thanks a lot, Sir! Yeah you were right, it's also on line 72. It's much better now, otherwise it's a security breach, since lots of ppl just don't even log out from their e-mail accounts, forums etc. And then, say, a roommate can easily get access to another person's e-mail account and thus easily change the forum's password and then login into forum. I think it's a very bad idea to have that link BEFORE you're already logged in. Because even if someone can have access to another person's e-mail account and there's no such a link, then the bad guy won't get into his victim's forum's account to make a change there (even if it's possible, which is not in my forum's case).

[Sir Osis of Liver]

Well, now you know where to go anytime you need a legal opinion.

[Matthew K.]

They can just as easily still hit: index.php?action=reminder without a link. Doesn't remove that.

[abrodski]

They can just as easily still hit: index.php?action=reminder without a link. Doesn't remove that.

Hmm, it's true. I didn't think of that. Thanks! So now what? Is it safe to also delete Sources/Reminder.php like I wrote before? Or is there a better way around it?

[Sir Osis of Liver]

Unlikely anyone would know that, but just in case -

index.php

Code Select Expand



// 'reminder' => array('Reminder.php', 'RemindMe'),



Just comment out or delete that line.

[abrodski]

Unlikely anyone would know that, but just in case -

index.php

Code Select Expand



// 'reminder' => array('Reminder.php', 'RemindMe'),



Just comment out or delete that line.

Is that index.php of forum's root OR it's in Themes/default folder?

[Sir Osis of Liver]

It's the main actions array in root index.php.

[Pipke]

They can just as easily still hit: index.php?action=reminder without a link. Doesn't remove that.

To solve that you can also use this under the first global var line in Reminder.template.php

Code Select Expand


if (empty($context['user']['is_admin']))
redirectexit();