Type: New Feature
Affects Version/s: None
Fix Version/s: Quest-CM
This form and post-processing should be added to the Quest module. It handles the first-time login for recommenders. Each 'new' recommender entered by a student in section 12 of the CM App will receive an email with a URL pointing to this first-time login form.
URL/invoke path for this form quest/recommender/verify in the email sent to the recommenders. The URL will include to query string parameters:
h = contact hash
m = md5 encryped recommender email address
These values should be persisted to the session. Then a form is presented to the recommender with the following 3 fields:
- Email Address
"Please enter the email address where you received this recommendation request"
- Password Confirmation
On form submit:
- Check for valid email address (format) and that the 2 Password fields are the same.
- Invoke the crm_get_contact_by_hash() API - see issue 1107 (http://issues.civicrm.org/jira/browse/CRM-1107). This API will verify that the user entered email address matches the contact hash and md5 values. If true, will return the corresponding Drupal user ID and key civicrm contact fields. If false, will return 0 (this means the user entered a different email or is hacking the login).
If login is "verified" - update the Drupal user record. Set users.status =1 and .login = current unix timestamp. Then redirect recommender to their Locker page.