User-edit page can't be edited without current password

I have the same issue. I'd like an option to reset their password so they end up on the same page as the default one time login - on the set password page. I'll probably go with the nocurrent_pass route, but still need to force the login redirect to be the user profile edit page instead of view.

I have addressed this on a few sites by hacking the core to not require the old password. It's very bad to do that, but only takes a few lines in the user module. A little module to do this would be much smarter.

Same issue here. It would be great if it could ignore the current password restriction just for the one time login link.

I've been looking for a answer to this issue myself and have found some (perhaps) usefull information on https://drupal.org/node/889772.

On comment #38 there is some usefull information about the core user module and how it adds a token to the users $_SESSION after clicking on a password reset link. Perhaps this is something that can be taken into the Login one time module?

@Cayenne (#2): The No Current Password module disables the D7 core password check in general.

When taking them to user/*/edit, it's difficult to ensure the user will choose a new password because all the other fields are visible on the page also. Thus, perpetuating the issue.

It might also be nice to include a "brief" implementation as seen in the simple_pass_reset module for the password recovery flow.

https://drupal.org/project/simple_pass_reset
Further explanation: http://www.dave-cohen.com/node/1000030

I've created a patch that will add an admin option to ignore the current password field (it's in the user section), only when a new login link is requested and the user is redirected to their user edit form. The patch should be able to be run from the module folder, please give it a try and let me know if it's any good.

I reviewed the code in #7 and applied it. Looks good and works well.

However I'm probably going to stop using this module. I had originally installed it so I can send people one time login links via rules. I don't know why we deviate from the core one time login links instead of just sending those. This could be done in rules with: echo user_pass_reset_url($user);

Seeing this issue made me realize that the button this module puts on user account pages is HORRIBLE UX. It sends people a link so they can get into their account, but if they want to actually change their password, they have to request another password reset link??

Get this patch in, so this module can actually have some utility.

Coding standards clean-up. I think this is RTBC but need someone else to verify.

I reviewed and applied the code in #7 and all looks good and works for me.

@johnpicozzi RTBC even?

Dang since the latest changes, this now needs a reroll.

Ok Re-rolled. (Nice 3way auto merge on rebase!)

Committed to dev. Please test :)

Thank you @Maedi