Security/usability: require password change after one-time login

http://drupal.org

Problem:
One time login process does not require the user to reset their (forgotten) password.

Scenario:
User forgets password, and requests new password. Drupal sends out one-time login link. User does not read instructions, and clicks on link and then on Log-in button. User does not reset password. User comes back to site the following week, and again has to follow the "request new password" process, and again does not set a new password. User does the same the following week, and eventually complains to their contact that the system they have been asked to use does not work (and generally gives it a bad name).

Fix:
The fix requires the user to set a new password in order to log in using the one-time password link. Hopefully the user should remember this new password.

I do not expect this fix to be made officially in Drupal 5.x, but I hope this helps anyone who may need this functionality.

robin

The line numbers refer to user.module 5.16

Step 1 - Add new fields to the one time login form
--------------------------------------------------

Go to line 1157 in user.module and change the form

From this:

<?php
$form['message'] = array('#value' => t('

This is a one-time login for %user_name and will expire on %expiration_date

Click on this button to login to the site and change your password.

Created by group42 2 years 36 weeks ago
Category: News   Tags:
  • group42
  • emmajane
  • aaron
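
A framework-independent sketch of the behaviour the post asks for, added here as an example; it is not robin's patch and not code from Drupal's user.module. The function names, the user record layout, the 24-hour lifetime and the secret are all assumptions made for illustration.

```php
<?php
// Added illustration with hypothetical names; not Drupal's user.module.
const RESET_TTL = 86400; // assumed link lifetime: 24 hours

// The token is bound to the account's current password hash and last login,
// so setting a new password (or logging in) invalidates any outstanding link.
function reset_token(array $user, int $timestamp, string $secret): string {
    $data = $user['uid'] . ':' . $timestamp . ':' . $user['pass_hash'] . ':' . $user['last_login'];
    return hash_hmac('sha256', $data, $secret);
}

// Redeem a one-time link. Returns the updated user record, or throws.
function redeem_reset_link(array $user, int $timestamp, string $token,
                           string $new_pass, string $confirm,
                           string $secret, int $now): array {
    if ($now - $timestamp > RESET_TTL || $timestamp < $user['last_login']) {
        throw new RuntimeException('link expired or already used');
    }
    if (!hash_equals(reset_token($user, $timestamp, $secret), $token)) {
        throw new RuntimeException('invalid link');
    }
    // The step the post asks for: no login without a new password.
    if ($new_pass === '' || $new_pass !== $confirm) {
        throw new RuntimeException('a new password is required and must match its confirmation');
    }
    $user['pass_hash'] = password_hash($new_pass, PASSWORD_DEFAULT);
    $user['last_login'] = $now;
    return $user;
}

// Constructed sample data.
$secret = 'constructed-site-secret';
$user = ['uid' => 7, 'pass_hash' => password_hash('forgotten', PASSWORD_DEFAULT), 'last_login' => 1000];
$issued = 2000;
$token = reset_token($user, $issued, $secret);

try { // Clicking through without choosing a password no longer logs the user in.
    redeem_reset_link($user, $issued, $token, '', '', $secret, 2100);
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
$user = redeem_reset_link($user, $issued, $token, 'n3w-passphrase', 'n3w-passphrase', $secret, 2100);
try { // The same link cannot be replayed once the password has been set.
    redeem_reset_link($user, $issued, $token, 'other', 'other', $secret, 2200);
} catch (RuntimeException $e) {
    echo "reuse rejected: ", $e->getMessage(), "\n";
}
```

Because the token covers the stored password hash, forcing the password change at redemption also makes the link single-use without any extra bookkeeping.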
