Why are first time registrants getting the message, “Your current password is missing or incorrect; it's required to change the Password” when they DO NOT have a "current password" to be "missing or incorrect?"

Example:

1. Visitor comes to site
2. Visitor Pushes “Create new account” Button
3. Visitor directed to: user/register page
4. Visitor enters Username *
5. Visitor enters E-mail address *
6. Visitor hits submit/enter
7. Visitor gets the “A welcome message with further instructions has been sent to your e-mail address.”
8. Visitor goes to check email and finds the following:

“Thank you for registering at ….
You may now log in by clicking this link or copying and pasting it to your browser:
www.site/user/reset/a string of numbers and letters.. blah blah blah

This link can only be used once to log in and will lead you to a page where
you can set your password.”

9. Visitor/user clicks link and is taken to:

Reset password
This is a one-time login for …and will expire on …..
Click on this button to log in to the site and change your password.
This login can be used only once.

10. Visitor/user clicks the login button
11. Visitor/user goes to edit and see the following fields:

Username *
Current password
E-mail address *
Password
Confirm password

12. Visitor/user enters info information in the following fields to set up his password for the first time (because he doesn’t have a “current password” to enter):

Password: Blaggh123& Password strong
Confirm password Blah123& Passwords match: yes

13. Visitor clicks the “Press Save” button.
14. Visitor/user gets the following message:

“Your current password is missing or incorrect; it's required to change the Password.”
Also, the “Current password” field is highlighted in red

15. The visitor/user is annoyed because they don’t have a “Current password”

So 2 questions:
1. Why are first time registrants getting the message, “Your current password is missing or incorrect; it's required to change the Password” when they DO NOT have a "current password" to be "missing or incorrect?"
2. What needs to be done now to stop it from happening again?

Comments

beasley’s picture

Have you got an action set that takes people somewhere after they've logged in? If you look at the email the user gets sent it says:

After logging in, you will be redirected to http://www.mysite.com/user/[user-id]/edit so you can change your password.

When they're redirected this way they don't get the 'Current password' box. If you have an action that redirects people on log in then this can override the redirect you're supposed to get for resetting your password.
Just an idea, anyway.

1mundus’s picture

This will occur if you use Rules to redirect the user on the first login. You can display them the message or something for the first time, but don't redirect them.