Forgot Password

Web Page Structure

Body id	Page Prefix / SMS / Email Templates	Fields List
Password_Recovery1 Password_Recovery2	Password_Recovery_Page 2FA_Phone_Code Password_Recovery_Email Password_Recovery_PageDone	by the field [hyp_Server Side Automations Settings].[Website Login System]
Use this id for custom css and js	Edit this key in Website Content You can add title and logo to the window...

"I want to change my password" (submit) Button

1. Check that the form was posted from an Html page, generated by this site. WAF will check amount of calls from user's IP address.
2. Check that all mandatory fields were filled.
3. Check the Captcha Test (simple or google.com/recaptcha). IF failed then reply the html with the fields values and let the user try again.
4. WAF test for login fields (without the password), after 3 failures the user is blocked with the message:
   'You have tried to sign-in too many times. Please wait an hour to try again.'.
5. Query for a client, According to the
   [Website Login System]
   fields list.
   
   • ID field from this form, is being compared to both
     [hyp_Clients].[ID Number]
     and
     [ID Number 2]
     fields !
   • Email field from this form, is being compared to
     [hyp_Clients].[Email]
     , as same string but NOT Case Sensitive.
     Please pay attention:
     The hyper CRM support storing more than one email address in the same field while separated with the ; char (e.g. alicia@company.com; brad@company.com).
     This type of usage will FAIL the login function. So, in an account that use the web portal it is mandatory to use a single address and without ; of course.
   • Primary phone field from this form, is being compared to
     [hyp_Clients].[1st Phone]
     , as same string including prefix.
   • CRM Condition:
     [hyp_Clients].[Handling Status]
     CANNOT have value 3 (Client Not Interested).
     
     [hyp_Clients Website Ext. Record].[Account Status]
     CANNOT have value 0 (Blocked cannot Sign-in).
6. In a rare case that query found the same credentials for multiple clients,
   The process will select the first client (lowest number) with the highest
   [hyp_Clients].[Handling Status]
   , and for that client the password recovery will be done.
7. The following fields will update on table
   [hyp_Clients Website Ext. Record]
   :
   
   New random token in
   [EMail Token] + [EMail Token at UTC] + [Last Password Recovery Request UTC]
   .
   According to the field
   [Send OTP over]
   , only one pair of fields will be updated:
   [PBX Token] + [PBX Token at UTC]
   ,
   OR
   [Phone Token] + [Phone Token at UTC]
   .
8. Two factor authentication code is sent over SMS or Phonecall (PBX).
   For SMS, the content template is "2FA_Phone_Code". Use the
   {#code}
   tag as placeholder that will be replaced with
   [Phone Token]
   (12 chars length).
   * You can merge fields from the table
   [hyp_Clients]
   .
   If template does not exist, then the SMS content will be in English:   'Your Security code is: ############'.
   In case that SMS or Phonecall cannot be executed, the process will halt (before sending the email).
9. Email address is mandatory for password recovery, the content template is "Password_Recovery_Email".
   Use the
   {#link}
   tag as placeholder that will be replaced with website's URL.
   * You can merge fields from the table
   [hyp_Clients]
   .
   If template does not exist, then the message subject will be   'Password Recovery for '+Website_English_Title,
   and the message body will be   'Please click this link to browse <a>Password Recovery page</a>.'
10. If all steps succeed, then the user will get a thank you page and an explanation to check mailbox and SMS.
    The content template is "Password_Recovery_PageDone", don't forget the H1 title...