Re: First login
I think this may be an interaction between "admin must validate" and "validate users by email". I experienced the exact same problem described above after a recent upgrade from v1.9.8.3 to v1.9.9 by the contractors handling the back-end of our site. (I don't know if they did a clean install or an upgrade script.)
When I turned off admin must validate, the problem went away. Not only that, but "validate users by email" started working, and it hadn't been previously. I had been trying to use both validation methods, as each can be circumvented:
- With just admin validation, a user could enter a fake email address using one of our company's domain names. He wouldn't receive notification that his account was validated, but he could just wait and keep trying to log in.
- With just email validation, a user from any given domain could register and gain access before any admin was aware of it.
To test the interaction hypothesis, I disabled "validate by email" and enabled "admin must validate", and was successfully able to register a test account and login without the password having to be reset from my admin account. So for now, it looks like TW will allow one method or the other, but not both.
- ))MacLeod((