Password Reset Page

Last Updated: 30 Aug 2017

A Password Reset Page is used to allow your users to reset their passwords if they have forgotten it. To reset their password, the user enters their user name into the text box on the Password Reset Page. Squiz Matrix then sends an e-mail containing the URL where they can change their password. Once they have changed their password, they can log in.

The figure below shows how this process works through the use of the Bodycopy assets created under the Password Reset Page in the Asset Map.

For more information about each of these Bodycopies, refer to the Additional Dependant Assets section in this chapter.

The process of the Password Reset Page
The process of the Password Reset Page

For this process to work the email address needs to be specified for the user account. As the user has forgotten their password this page does not require the user to be logged in. Instead, it uses the email address specified for validation of the account. If the email address has not been specified, they will not receive an email hence will not be able to reset their password. Also, if the user enters a user name that does not exist, the Request Receipt Bodycopy will still be shown, giving the appearance that the user name does exist. As the user is not logged in when they are using this page, you need to grant Public Read Permission and change its Status to Live. If you do not grant Public Read Permission, the user will need to log in to see the page but they can't as they have forgotten their password.

When you create a Password Reset Page, Squiz Matrix will default all required information for the email and the Boydcopies so it is ready to go as soon as its Status has been changed to Live and the Public Read Permission has been granted. From there you can change the information being shown through the Details screen and the Bodycopies.

Once your Password Reset Page is created, you can configure its settings on its associated asset screens. The majority of these screens are the same or similar to those for a Standard Page and are described in the Asset Screens manual. In this chapter, we will only describe the Details screen, which is different for a Password Reset Page.

Bookmarks

Additional Dependant Assets

The additional dependant assets of the Password Reset Page
The additional dependant assets

When you create a Password Reset Page, several assets are automatically created beneath it, as highlighted in the figure to the right. You can use these assets to define the contents and layout of the Password Reset Page.

  • Account Pending Reset: this User Group will contain the user accounts where the user is in the process of resetting their password. Once they have reset their password, the user account is removed from this User Group.
  • Request: this Bodycopy is used to define the initial layout of the Password Reset Page. This layout should allow users to enter the user name of the account they want to reset.
  • Request Receipt: this Bodycopy is used to define the layout of the Password ResetPage once the user has entered their user name. It should inform the user that an email has been sent, for example 'Thank you for your request. An email has been sent to your email address'. This Bodycopy will show regardless of whether or not the user name they entered exists in the system.
  • Reset: this Bodycopy is used to define the layout of the Password Reset Page when the user is changing their password. This layout should display the password fields and the submit button.
  • Reset Receipt: this Bodycopy is used to define the layout of the Password ResetPage once the user has reset their password.

Details Screen

The Details screen allows you to configure the settings of the Password Reset Page. For more information about the Status, Future Status, Thumbnail, Details, CAPTCHA, Google reCAPTCHA, and Spam Prevention: Honeypot Question sections of the screen, refer to the Details Screen chapter in the Asset Screens manual and the Form Contents chapter to the Custom Form manual.

Request Validation

This section allows you to format the e-mail the user receives when they request their password to be reset. By default, the email will be sent to the email address that is specified for the user account. The Request Validation section of the Details screen is shown in the figure below.

The Request Validation section of the Details screen
The Request Validation section

The fields available are as follows:

  • To: enter any additional email addresses that the email should be sent to. For example, if you want to notify a System Administrator that a user has requested that their password be reset, add the system administrator's e-mail address in this field. You can either specify the email address in the text fields or select their user account from which their email address is sourced.
  • From: enter the email address for the from address of the email. This address will default to the email address entered onto System Configuration screen. For more information about this screen, refer to the System Configuration manual.
  • Reply-To: enter the email address for a user to reply to. If no reply-to address is configured, the header will not be sent on the email.
  • Subject: enter the subject of the email. By default, 'Password Reset Request' will appear in this field.
  • Body: enter the contents of the email. By default, the Text Email Version will show. If you wish to format the HTML Email Version click the edit icon. The WYSIWYG Editor will appear.

    Remember to include the keyword replacement %password_reset_url% in the body of the email.

  • Show Error: select whether or not to display an error message is the user enters a username on the Password Reset Page that does not exist. By default, this option is disabled as a security precaution, so as not to reveal the usernames of users in the system.
  • Check Browser Session: this option allows you to force users to open the emailed reset link in the same browser session in which the password reset was requested. This ensures that no other users on the same email address will be able to complete the password reset request on another user's account. By default, this option is enabled.

If a user entered the incorrect password more times than allocated in the Max Login Attempts setting, their User Asset will be set to Under Construction and they will not receive any system emails from this page. The User Asset will need to be made Live prior to being able to reset their password via the Password Reset Page.

Keyword Replacements for the Password Reset Email

Within the fields that are available in the Request Validation section, you can use any of the keyword replacements that are available for the user assets. For example, if you want to show the username of the account in the Body of the email, you can use the keyword replacement %asset_attribute_username%. For a full list of keyword replacements for the user assets, refer to the Users and Permissions manual.

Additional, the keyword replacement %password_reset_url% is also available. This keyword replacement will include a hyperlink to the Reset Bodycopy where the user can enter a new password. Without this hyperlink the user will not be able to reset their password.

Request Bodycopy

The Request Bodycopy is used to define the initial layout of the Password Reset Page. This layout should allow users to enter the user name of the account they want to reset. For example, for the Password Reset Page shown in the figure below, the user can enter the username of the account they want to reset the password for.

An example Password Reset Page (Request)
A Password Reset Page (Request)

To change what information is being shown, right click on the Request Bodycopy in the Asset Map and select Edit Contents. Click on the edit icon icon – the WYSIWYG Editor will appear where you can use keyword replacements and formatting to layout the information to show on the page. By default, the information shown in the figure below will appear in the WYSIWYG Editor.

The WYSIWYG Editor on the Request Bodycopy
The WYSIWYG Editor on the Request Bodycopy

Keyword Replacements on the Request Bodycopy

A list of keyword replacements is provided in the WYSIWYG Editor toolbar on the Edit Contents screen of the Request Bodycopy. You can use these keyword replacements in conjunction with text, images and links etc to layout what to show on the page.

You need to include the keyword replacements The submit button and The input field for username so that the user can submit their request to reset their password.

The standard keyword replacements that are available include the following:

  • The submit button: this will show a button to allow your users to submit their username.
  • Error messages: this will show any error messages that occur when requesting the password to be reset.
  • The input field for username: this will show a text field where the user can specify the username of the account they want to reset the password for.

Request Receipt Bodycopy

The Request Receipt Bodycopy is used to define the layout of the Password ResetPage once the user has entered their user name. It should inform the user that an email has been sent, for example, 'Thank you for your request. An email has been sent to your email address'. For example, for the Password Reset Page shown in the figure below, the user is informed that an email has been sent with further instructions. This has been defined in the Request Receipt Bodycopy. This Bodycopy will show regardless of whether or not the user name they entered exists in the system.

An example Password Reset Page (Request Receipt)
A Password Reset Page (Request receipt)

To change what information is being shown, right click on the Request Receipt Bodycopy in the Asset Map and select Edit Contents. Click on the edit icon icon – the WYSIWYG Editor will appear where you can use keyword replacements and formatting to layout the information to show on the page. By default, the information shown in the figure below will appear in the WYSIWYG Editor.

The WYSIWYG Editor on the Request Receipt Bodycopy
The WYSIWYG Editor on the Request Receipt Bodycopy

Reset Bodycopy

The Reset Bodycopy is used to define the layout of the Password Reset Page when the user is changing their password. This layout should display the password fields and the submit button. For example, for the Password Reset Page shown in the figure below, the user can reset their password using the fields shown. This has been defined in the Reset Bodycopy.

An example Password Reset Page (Reset)
A Password Reset Page (Reset)

To change what information is being shown, right click on the Reset Bodycopy in the Asset Map and select Edit Contents. Click on the edit icon icon – the WYSIWYG Editor will appear where you can use keyword replacements and formatting to layout the information to show on the page. By default, the information shown in the figure below will appear in the WYSIWYG Editor.

The WYSIWYG Editor on the Reset Bodycopy
The WYSIWYG Editor on the Reset Bodycopy

Keyword Replacements on the Reset Bodycopy

A list of keyword replacements is provided in the WYSIWYG Editor toolbar on the Edit Contents screen of the Reset Bodycopy. You can use these keyword replacements in conjunction with text, images and links etc to layout what to show on the page.

You need to include the keyword replacements The submit button and The input field for password reset so the user can submit their new password.

The standard keyword replacements that are available include the following:

  • The submit button: this will show a button to allow your users to submit their username.
  • Error messages: this will show any error messages that occur when they are resetting their password.
  • The input fields for password reset (new and confirmation password input fields): this will show two fields side by side where the user can enter their new password into the first field and confirm it in the second field.
  • Input field for the new password: this will show a field where the user can enter their new password. If you use this keyword replacement, you also need to use the keyword replacement Input field for the Confirmation of the new password so the user can confirm their new password.
  • Input field for the Confirmation of the new password: this will show a field where the user can confirm their new password. If you use this keyword replacement, you also need to use the keyword replacement Input field for the new password so the user can enter their new password.

Reset Receipt Bodycopy

The Reset Receipt Bodycopy is used to define the layout of the Password Reset Page once the user has reset their password. For example, for the Password Reset Page shown in the figure below, a message is shown informing the user that they have successfully change their password and they can log in. This has been defined on the Reset Receipt Bodycopy.

An example Password Reset Page (Reset Receipt)
A Password Reset Page (Reset receipt)

To change what information is being shown, right click on the Reset Receipt Bodycopy in the Asset Map and select Edit Contents. Click on the edit icon icon – the WYSIWYG Editor will appear where you can use keyword replacements and formatting to layout the information to show on the page. By default, the information shown in the figure below will appear in the WYSIWYG Editor.

The WYSIWYG Editor on the Reset Receipt Bodycopy
The WYSIWYG Editor on the Reset Receipt Bodycopy


Previous Chapter Next Chapter