Adding Reset Password Support To Drupal 6 Password Recovery Email

Drupal is capable of sending out a few different emails to users depending on different actions. The emails can be customised quite nicely with usernames, passwords, email addresses and other things by using a set of tokens. The password recovery email states that you can use the "!password" token to send the user their new password, but after a few tests I found that this token doesn't get replaced when the email is sent out.

The simplest solution here is just to remove this token from the description for this email. However, if you do want to allow user's to reset (and receive) their passwords by using this form then there are a couple of simple things you can do.

The first thing to be done is alter the user_pass form so that it uses a custom submit function that we will write. Add the following form hook to a module (or create your own for this purpose).

 * Implements hook_form_form-id_alter().
 * Overwrite the submit function of the request new password form.
function mymodule_form_user_pass_alter(&$form, &$form_state) {
  $form['#submit'] = array('mymodule_user_pass_submit');

The next step is to rewrite the code of the user_pass_submit() submit function, but to create a save the user's password. All we need to do is call user_password() to create a password, save it to the user's account using user_save() and then make sure that it is passed to the email template.

 * Overrides the submit function user_pass_submit().
 * @see mymodule_form_user_pass_alter()
function mymodule_user_pass_submit($form, &$form_state) {
  global $language;

  $account = $form_state['values']['account'];
  // Generate new password
  $password = user_password();
  // Save new password
  $savedetails = array('pass' => $password);
  user_save($account, $savedetails);
  // Set password parameter of $account object so that the new password is emailed.
  $account->password = $password;
  // Continue with the rest of the submit function
  // Mail one time login URL and instructions using current language.
  _user_mail_notify('password_reset', $account, $language);
  watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail));
  drupal_set_message(t('Further instructions have been sent to your e-mail address.'));

  $form_state['redirect'] = 'user';

Now when your user's request a new password there current password will be changed and emailed to them.


Exactelly what i'm searching, thanks

Hi, Little bit out of topic. Do you have a snippets to redirect user to homepage"" instead of "/user", after user request to change password from "user/password"
You could try using the Login Destination to redirect the user, although that might not be what you are after. An alternative would be to use a hook_form_alter() on the password form to add a redirect to the form submission.
Philip Norton

Add new comment

The content of this field is kept private and will not be shown publicly.
1 + 5 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.