If you are using a force.com site and you are trying to use a custom change password page, it is a nightmare to debug issues where salesforce has zero documentation on it. I created a custom change password page and here are the steps to do it for any project.
Moments of truth.
A. Site.changepassword will only work if the user is logged in and so never ever try to test this method with anonymous users or guest user. To make the method work,you have to implement site.login method which would allow the user to login and create a session.
b. Never create site.login and site.changepassword in the same transaction or same request . This does not work if you have one method doing both calls at the same time. Do the site.login first and redirect to a custom change password page where you would have the user to enter old and new password.
c. System.setpassword does not work on force.com sites pages at the moment.
How do you do it.
a. Create a visual force page ForgotUsername where you would allow the user to enter the user name .
b. The controller for ForgotUsername would validate the user name and should call Site.Forgotpassword which would trigger an email with a temporary password to the user.
c. Create a confirmation page which would tell the user to check his email on temporary password.
d. Next login to your org and to the site settings page and click on Login setting and change the password page to a custom visual force page which we would call ChangePwd.
e. On the ChangePwd page, create 3 text boxes for typing old password, new password and confirmation.
f. Now the user would login with his user id and temporary password. Salesforce would redirect the user to ChangePwd page where the user can enter his temporary password, new password and confirmation. The only pain is that the user has to enter the temporary password again on this page and if you want you can store this in a custom object and delete it after change password confirmation This way , we can display the old password again.
g. On the ChangePwd page, read the passwords and call Site.ChangePassword with old and new passwords . You would recieve a page reference which would be the starting url parameter which you specified on the login method.
h. Now if you check the user detail screen, you should see a time stamp change on the last password update time stamp.
So using the above techniques, you can allow users to create a custom change password page from scratch. Feel free to post your comments on this and i will follow up with some sample code in the next blog.
Subscribe to our mailing list and get tips to maximize salesforce to your email inbox.
I am honored to have your subscription. Stay tuned for tips to maximize your salesforce investment
Something went wrong.
6 thoughts on “Creating a custom Change password page using force.com sites and solving issues with dreaded Site.Login and Change password..”
Can you please share the code. And does your code change the password of the customer portal user?
Have you tried logging into your website with the new password by using the default SiteLogin functionality.
Does it work?
Even if I create new users, I am unable to change their password, I can only reset them by using the password which I receive in my mail by availing the ForgotPassword default page. Can you please drop your reply on my email id.
Yes my code changes the current password for the user. To make this work, you need to do the following
a. There is a default changepassword visual force page which comes with salesforce sites setup. Customize that page with your look and feel.
b. Go to the site detailed page and click on login settings and change the visual force page to your custom change password page.
c. Now once the user logs in with the temporary password, your custom change password page will be evoked and the password will be changed.
d. After the password is changed, redirect the user to logout so that the user can login with the new changed password.
All you need to do is implement the site.changepassword which is already available to you on the changepassword default page provided by salesforce.
I have made a website using the free domain of site.com and I have used the default SiteLogin functionality which redirects to my custom visualforce pages on successful login. I am facing the following issues:-
1. As soon as I login, I want my user session to start unless I logout. While I am in my session, I want my respective Customer Portal username to be available as a global variable which can be used across all Visualforce pages. Is this possible? Even if I am able to maintain session for a single user, even that will be enough for me according to my requirements.
2. I have made multiple Customer Portal users through SiteRegister visualforce page, but no matter which user logs in, current user is the default user and administrator of the force.com account.
Can you please provide me a code through which after a user logs in, his session is maintained across all visualforce pages till he logs out. While he is logged in, the current user is the user who is logged and not the user of force.com developer account.
3. Since my homepage of my site is login page, I don’t want users to access my other custom visualforce pages unless they are logged in. The problem is, I am able to successfully log in but all my visualforce pages can be accessed by just appending the URL of my Site.com domain irrespective of the fact that a user is logged in or not. I want my site to check if a customer portal user is logged in before providing access to all the visualforce pages in my website.
4. I also have a small doubt. Why isn’t the Logout link displayed if I open the page through Site.com and is visible if I open by https://c.ap1.visual.force.com/apex/ChangePassword?
Here is what you should do.
http://wiki.developerforce.com/page/Authenticating_Users_on_Force.com_Sites follow this tutorial and see if you have done all these settings.
1. Create the site, make it active.
2. If you click on the site name , it would take you to the site detailed page. On that page, make sure you check off read permission to all objects. This would prevent users to view other data without logging in.
2. Link your site to a customer portal and assign a custom profile to it.
3. On your custom profile, provide permissions to needed objects and this would show up only for logged in users.
4. Once you login , it is a different session altoghether and you should use the Userinfo object to find out the logged in user.
Thanks! Finally got a solution 🙂
For all those people who want to register and free force.com site and maintain a session for users, I request you to first create a fresh developer.force.com account even if you have one and follow the following steps.
WORDS OF WISDOM
Instead of finding out why the problem is occurring in your existing portal and debugging it, create a new one and copy all your objects through workbench, copy and paste visualforce pages and apex classes to your new force.com account.
1. Customer Portal -> Settings -> Activate the portal, Enable Self Registration, Set Default New User License as Customer Portal Manager Standard, Set Default User Role as User and Default New User Profile as Customer Portal Manager Standard.
2. Create an Account and copy its Account ID
3. Manage Users->Roles->Company size based sample-> Set up Roles->Either Add Role or Assign to existing role the above account created.
4. Develop->Sites->Search availability and register a domain
5. Edit the Site Details by providing name and other details. To start with keep the homepage as SiteLogin, Change Password as ChangePassword page and Profile Page as MyProfilePage.
6. Activate the Site
7. Click on Site Name and go to Login Settings->Edit->Select the customer portal so created
8. Now the site is activated and login is enabled
9. Go to SiteRegisterController page->Edit -> Replace the default PORTAL_ACCOUNT_ID with the above copied Account ID
10. Go to MyProfileController->Edit->Comment the if condition which throws exception in case of Guest User.
11. Go to SiteLoginController , change the return value of the login method with ‘return Page.MyProfilePage;’
12. Go to Develop ->Sites->Click on Site URL
13. If all the steps are done correctly, the Site will show hyperlinks for NewUser, ForgotPassword and Login on the Header as well as on the Output Panel.
14. Click on New User, enter the details and on clicking submit you will be redirected to the Login page. Enter your username and password registered. If all the above steps are done correctly, you will be directed to the MyProfilePage which will show you the logged in user credentials alongwith change password button and a logout button.
15. Copy paste the same URL on another browser or private browsing or incognito window and you will see the message of authentication required.
16. If you click on Logout, you will be redirected to the login page again.
First of all thank you for sharing your approach in making your customer portal work and i am happy that i was able to help you out in this quickly. Just curious!! Where are you located and what company do you work for ?