Hello. For the sake of experiment, I installed Hestia on pure debian 11. After installation, I set it up in the admin panel and created a test user “test1”. Then I decided to test the password recovery functionality and I have to admit that it does not work correctly:
Even if I enter a correct login, but an incorrect email, there will be a message that the data for restoring access has been sent. That’s not so.
Let’s say this can be solved by writing a mailbox in the format [email protected] which is essentially the same thing, but the time is not incorrectly indicated in the title of the letter. Running the check at 18.30, I receive an email with the title “Password recovery 2023-07-02 15:30:07”, although the correct time is indicated in the system (I checked it using “date”). The time zone in the control panel also indicated the correct one, i.e. Europe/Moscow, which should work as UTC+3, but for some reason this does not happen.
The first time I installed hestiaCP I failed to place single quotes (') around the password specified in the command string, and the special character[s], well, oops, you know… Anyway, I then did the password reset thang and it did not work for me, either. But as I vaguely recall the email mentioned/contained 2 methods/links, and the other method did work for me. hth
The second method involves entering the code sent by mail into a special field for password recovery, but the link to the page with this field also does not work. By the way, for the same reason — the colon is missing.
I seem to understand the problem. She was in Russian template. When I changed the panel language to English, a colon appeared between the panel address and the port. Could you please fix this bug in the Russian language template?
By the way, I will allow myself one more comment about the logic of password recovery:
In cp Hestia, after requesting password recovery and entering login/mail, we remain on the login/mail page.
In cp MyVesta (another fork vesta), we automatically move to the page for entering the secret code that was sent to us by mail.
I think the second option is even more logical in some sense. However, first you need to check the ratio of login and mail, because now we see the message “Data for recovery has been sent” regardless of the correctness of the specified mail.
PS Will you rewrite the entire password recovery system or the entire panel? These phrases are frightening. And when will users wait for version 1.8?
The MyVestaCP option seems better to me, but okay, I realized that this is not a bug, but a feature.
PS So what’s up with version 1.8? Will you rewrite the entire panel or did I misunderstand something? And when can I expect it?
Please do not forget to fix the password recovery bug in the Russian version of the template. And why is the time displayed incorrectly in the title of the letter? Maybe it should be removed from the name altogether?
Good. And over time, something was decided in the title of the letter? If it stays there, then I’d like to understand why it’s 3 hours behind. Most likely the problem is that I have a UTC+3 time zone, but I have already specified it in the panel. What else needs to be done? In Debian itself, the time and time zone are also specified correctly.