Mail password to users?

[Pirate Elf]

Is this doable? If so what combo of addons would be needed for this to become a reality, because the number one thing I hear a lot is "I forgot my password" and would like a way to automate this process.

[Alexv]

This is a feature which is very convenient, and is omnipresent amongst Coranto's competitors. This has been discussed in the past, and every time the conclusion was that it's best to do it in core (not with an addon). The reason behind it is (or was anyway, perhaps the policy has changed since) to make sure no addons are loaded until the user is logged-in. There are simply no addon hooks in that area (there was at one time, when Lawrence accidentally added one, but was quickly removed in a subsequent release). The fear was that a rogue addon could bypass Coranto's security by adding a backdoor or something. Of course one must realize that even if we don't load addons until a user is authenticated, once a user is in, an addon can do absolutely anything. That is, any addon could just modify the code in crcore.pl or coranto.cgi and insert a permanent backdoor.

The toughest challenge would probably be figuring out how to send the e-mail. Some server's don't have sendmail, some force you to authenticate, some users will be overwhelmed by the complex terminology, etc... Perhaps it's best to have an option to enable/disable e-mail features (similar to the way Coranto currently enables/disables features depending on whether the install is "Private" or "Public").

[Parahead]

The Coranto passwords are saved encrypted, not clear text. Thus it is not possible to submit the current password, but of course a new one can be created and sent when the user needs it. Just like this forum works...