Joomla : Fixing the User Password Reset Feature

Recently on one of my Joomla projects a user complained that they used the Password Reset feature but they encountered an error in the final steps of the process.

How does Joomla’s Password Reset feature work?

Joomla’s Password Reset feature asks for the user’s email address which it checks for in the user account table against that user’s record.

If found a unique token (a long series of numbers & characters) is generated and this is sent to the email address with a link back to the correct page on the website where the token needs to be entered to complete the process and allow the user to reset their password.

What went wrong?

Unfortunately, the email sent to the user displays the token in this manner :

The token is 408ebfa6c89glda0d267543e07a4cdeb4 .

Notice the space before the period? Well, understandably, the user was copying everything upto the preiod, including the space and pasting it into the field provided on the website for the final step. Unfortunately, that extra space counts as a character and so the token did not match and the user received an error and was unable to complete the reset. Not good.

The fixes

There are two fixes for this issue:

  1. Format the email properly so there is less of a chance of user error;
  2. Run the submitted token through PHP’s trim() function to strip out empty characters on either side of the token.

Making these two fixes should prevent this error occurring again and keep users who need to reset their passwords from becoming frustrated.

How to?

Format the email to remove the space

The first step requires us to amend the email that is sent out to the user. Joomla uses language files so it’s quite easy to amend this message. The reset password function is a part of the User Component in Joomla (com_user) so look up the correct file in the ‘language’ folder/directory :


Search for this text “PASSWORD_RESET_CONFIRMATION_EMAIL_TEXT”  and edit the value of this setting by removing the space and period. I added newlines (n) before and after the token (%s) so that the token displays on a line by itself.

This has two advantages:

  1. Makes it clearer to the user if the token is on a line by itself
  2. Reduces the chance of user error when copying/pasting

Use trim() to remove whitespace

The second fix is the better one as it tackles the actual issue of readying the submitted token for comparison and matching.

In order to do this go to the following file :


Search for the text “function confirmReset($token)” and inside this function add the trim function like so:

function confirmReset($token)
global $mainframe;

$token = trim($token);

……….. function continues ………..


This will now remove all extra whitespace on either side of the token submitted by the user so that the ‘clean’ token is used for comparison.

And that’s it – you will now have a sturdier Reset Password feature in Joomla.

RokDownloads – great Joomla Component for File Download Management

Over the last few weeks I’ve gotten increasingly busy (hence the lull in articles on this site) in customising certain Joomla components at work.

One component I came across just last week is RokDownloads. This is a file-download management component for Joomla 1.5 and as the name suggests it rocks! Developed by the same team that create the brilliant templates for Joomla, RocketWerx (RocketTheme) I guess it’s not that much of a surprise what a quality component this is.

I was using a popular component called DOCman however when it came to customising, it proved pretty difficult mostly due to the fact that it had first been developed for Joomla 1.0x and the team that created it only ported it to work in Joomla 1.5 Legacy Mode; meaning basically that they hadn’t really used the MVC (Model, View, Controller) protocol the way it’s used for Joomla 1.5 Native components.

RokDownloads is proving much easier to customise and even if you don’t need any customisation it just works really well.

So, if you’re looking for a great, free file-download manager hit up RokDownloads.

Joomla 1.0x Developers Manual

Although Joomla is a very popular open source application for building content-rich web sites, the available documentation for version 1.0x leaves a lot to be desired.

Currently working on a pretty big, and complicated, project involving multiple Joomla sites, I went off in search of relevant material that would help me design and build custom components and modules for version 1.015.

Unfortunately, I couldn’t find any single document that provided me with the information I needed, that is until I happened on a post on the Joomla Forum where someone had helpfully posted a link to a PDF of the Joomla Developers Manual.

Now, this guide for version 1.0x is incomplete, and will remain ever so since the Joomla Documentation Team are concentrating on getting a comprehensive Joomla 1.5 guide ready, however it does offer a lot of important information that you’ll only otherwise get by spending hours on the Joomla Forum and on other sites trying out tutorials.

So, if you’re looking for a ,somewhat, single document in PDF format that can help you understand the Joomla CMS engine a little better and help in building your own components and modules, look no further – click here to download the Joomla Developers Manual.

Joomla – the difference between components and modules

When starting out in Joomla, either as a developer or site administrator, it’s likely one of the first questions to pop up will be what the difference between a Component and a Module is. Although it’s possible to ‘figure’ out what does what, it’s always a good idea to get the low-down from someone who’s experienced in Joomla development.

Joseph LeBlanc has a great article on his site making it very simple to understand the main differences

Joomla 1.5 or Joomla 1.015 – which version is better to use?

What version to use for a Joomla project is a question that requires some thought, primarily regarding the functionality you want your Joomla site to have.

Joomla 1.0x has been around since about April 2004, with the latest version 1.015 released on 22nd February 2008, and because of this it has a large number of extensions available to quickly add functionality to your Joomla site. The time has allowed the extensions to mature so that most versions will work as expected and can be tweaked to your particular needs without much to worry about.
The other advantage is that more likely than not what you may want to do with a particular extension will probably have been done by someone else with their trials and tribulations of the process recorded on one of the numerous Joomla forums.
This saves a lot of time and effort when implementing your processes, the very reason you’re probably using a framework like Joomla in the first place!

Joomla 1.5 Stable (Khepri) was released on 22nd January 2008 after a number of months in beta testing, and so it is really only a few months ‘old’. Although many Joomla-extension developers have made their v1.0x version extensions available to use in v1.5, I’ve found them to be a hit or miss affair, never really knowing which extension will actually work as expected.

A current project I’m working on requires a lot of functionality, most of it already available using existing extensions, and some of it will require custom extensions. The decision was made to downgrade to Joomla 1.015 so we could utilise existing extensions and find enough guidance and help, primarily through the use of forums, when it came to developing the custom extensions. The idea is to wait for Joomla 1.5 to mature a little before we make the move to the new codebase.