Why are first time registrants getting the message, “Your current password is missing or incorrect; it's required to change the Password” when they DO NOT have a "current password" to be "missing or incorrect?"
Example:
1. Visitor comes to site
2. Visitor Pushes “Create new account” Button
3. Visitor directed to: user/register page
4. Visitor enters Username *
5. Visitor enters E-mail address *
6. Visitor hits submit/enter
7. Visitor gets the “A welcome message with further instructions has been sent to your e-mail address.”
8. Visitor goes to check email and finds the following:
“Thank you for registering at ….
You may now log in by clicking this link or copying and pasting it to your browser:
www.site/user/reset/a string of numbers and letters.. blah blah blah
This link can only be used once to log in and will lead you to a page where
you can set your password.”
9. Visitor/user clicks link and is taken to:
Reset password
This is a one-time login for …and will expire on …..
Click on this button to log in to the site and change your password.
This login can be used only once.
10. Visitor/user clicks the login button
11. Visitor/user goes to edit and see the following fields:
Username *
Current password
E-mail address *
Password
Confirm password
12. Visitor/user enters info information in the following fields to set up his password for the first time (because he doesn’t have a “current password” to enter):
Password: Blaggh123& Password strong
Confirm password Blah123& Passwords match: yes
13. Visitor clicks the “Press Save” button.
14. Visitor/user gets the following message:
“Your current password is missing or incorrect; it's required to change the Password.”
Also, the “Current password” field is highlighted in red
15. The visitor/user is annoyed because they don’t have a “Current password”
So 2 questions:
1. Why are first time registrants getting the message, “Your current password is missing or incorrect; it's required to change the Password” when they DO NOT have a "current password" to be "missing or incorrect?"
2. What needs to be done now to stop it from happening again?
Comments
Redirect?
Have you got an action set that takes people somewhere after they've logged in? If you look at the email the user gets sent it says:
When they're redirected this way they don't get the 'Current password' box. If you have an action that redirects people on log in then this can override the redirect you're supposed to get for resetting your password.
Just an idea, anyway.
This will occur if you use
This will occur if you use Rules to redirect the user on the first login. You can display them the message or something for the first time, but don't redirect them.
Issues related to this you should follow
Check out #889772: following a password reset link while logged in leaves users unable to change their password.
Lizz Trudeau