WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Lost Password, Link In Email Not Valid (key), 'Fix' Does Not Work (28 posts)

  1. lisa_clev
    Member
    Posted 6 years ago #

    Hi all,

    I am using WordPress 2.5.1. I wish I never upgraded. First of all, I have a plug-in on my blog so that all my members have to register. Now there is an issue with 2.5.1 where if a member looses their password and click the 'Forgotten Password' link, the link in the email states "Sorry, that key does not appear to be valid."

    I started researching this on the internet. I found a couple of sites stating the same thing. Once of them stated that WordPress was already aware of the issue. So I looked into going to WordPress bug site Trac. I found the bug report and apparently the fix. See here: http://trac.wordpress.org/changeset/7837

    I thought this was great. I followed the instructions exactly and edited my php files. Uploaded them, no success. Still the same weird characters. I cleared my cookies and cache, tried again. Still same issue. I removed the files completely, then downloaded the files from Trac thinking I might've done something wrong with editing the php files myself. Uploaded and still the same issue.

    I realise other people are having this issue and are locked out of their blog. I'm not locked out of my blog, my users are and I realise I can manually change their passwords but I really do not want to do that. I would rather fix this issue. Is there something I am doing wrong?

    I'm not sure what to do next. I hear they will be releasing 2.5.2 soon because of this issue, but obviously no-one knows when this could be. I really would like to fix this ASAP.

    Thank you for reading.
    -Lisa

  2. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    Download the ZIP file with those two changed files here:
    http://trac.wordpress.org/changeset/7837?format=zip&new=7837
    Unzip it using WinZIP or something, then upload those two changed files to your site.

    Now try the forgotten password thing. It should work and not have those weird characters in it. Note that they will have to generate a new email and such through the forgotten password link, this won't make those old emails magically work.

    Edit: Actually, looking closer at the code, I see that it won't regenerate the key if one is already there. You'll need to clear the user_activation_key data or force it to regenerate those.

    Just above that code it gives in wp-login.php is a line that read like this:
    if ( empty($key) ) {

    Try changing it to this:
    if ( empty($key) || preg_match('/[^a-z0-9]/i',$key) != 0) {

    I think that will make it work. Not sure though, have not tested it.

  3. lisa_clev
    Member
    Posted 6 years ago #

    Now try the forgotten password thing. It should work and not have those weird characters in it. Note that they will have to generate a new email and such through the forgotten password link, this won't make those old emails magically work.

    Hi, thank you for replying. I did have a reply all typed up for you but I deleted it as I tested something else. I will explain below best as I can. I hope I make sense....

    I'm the admin of my blog, naturally. Again, my blog is private. I have a plug-in on there so only registered users can see my blog. So therefore you have to be registered OK? Make sense so far?

    A couple of day ago I received an email from one of my members. She explained that whatever *I* did she cannot login. That coincided with my upgrade from 2.5 to 2.5.1. She explained that the link she got in the email to get her password said it was invalid. I immediately started testing my blog. I made a new username up. I named that 'test' and I did the forgot password. I got an email with a key with funky characters and even though I pasted manually the entire thing in, it didn't work. I'm sure you are still following me here?

    I uploaded those files already that you linked me to. I then assumed it did not work because I got the exact same generated key with funky characters as above on the test account with the email. That above reason is why I assumed it did not work.

    I then tried it on my husbands account and yes you are right it does work. BUT ONLY because he has not previously requested his password, so he gets a valid key. Now, that is good for people who have not requested their password, but what about those who have? They do not get refreshed emails, they just get the same crappy link with the code all wrong. How do I fix that? I know I can manually change passwords but again, I would rather let my users change their own profiles.

    Thanks again.

    EDIT Thank you for the edit. I will test it now on my test account and let you know. I started this post hours ago but never got around to posting it. Called away, then dinner, then I edited. So hours had passed before I finally click the 'Post' button.

  4. lisa_clev
    Member
    Posted 6 years ago #

    Update: Your code works. Brilliant. Thank you ever so much. Just a thought, but maybe you could add that lovely code into the fix too? Then those people having issues with getting the same funky code in the link, after the blog owner had uploaded the 'fix' files. They would be fixed and get a good valid link.

    Again, thank you ever so much. If not, maybe people might see my thread here and get help from your great coding and the fix files.

    I really appreciate your help.

    -Lisa

  5. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    Just a thought, but maybe you could add that lovely code into the fix too?

    Already brought it up on the bug tracker:
    http://trac.wordpress.org/ticket/6842

  6. lisa_clev
    Member
    Posted 6 years ago #

    Awesome. Thank you ever so much. Officially resolved!! :-)

    -Lisa

  7. craiger
    Member
    Posted 6 years ago #

    I wish I could say the same.

    Just upgraded a Private Blog to 2.5.1 and had a User report that the Lost Your Password function was not working.

    I tested it and am getting the same

    Sorry, that key does not appear to be valid.

    after clicking on the link sent via email.

    Found this thread and made all changes as required (all 3).

    Still does NOT work. The only thing that does work is now the key that is sent in the email IS different each time. Still getting the "key does not ... valid" message.

    Any suggestions?

    --Craig

  8. lclun
    Member
    Posted 6 years ago #

    Thanks Otto42 for the fix, is it just Gmail that do not treat certain characters as part of the link or the same goes to others like Yahoo or Live?

  9. DeanSaliba
    Member
    Posted 6 years ago #

    Thank you, I found this topic by searching Google and the little bit of code that Otto42 suggested replacing did the trick. :)

  10. Netoriginator
    Member
    Posted 6 years ago #

    Otto,

    You also have my thanks.. I got the same error.. googled the error and got this forum - installed the 2 files, made the code change.. it all worked

  11. erikeric
    Member
    Posted 6 years ago #

    ¡Muchos gracias, Otto!

    Downloading the two files, editing the wp-login.php file with the code snippet you provided and uploading them over my existing wp-login.php and pluggable.php fixed it. Now myself and my users can reset their passwords all day long without a problem.

  12. ozgirl57
    Member
    Posted 6 years ago #

    From me also ... thank you so much!

  13. orangeena
    Member
    Posted 6 years ago #

    I tried to download the zip file above and my computer is blocking access to the contents after download. i changed all of the security settings that i know how to change and its still blocking them.

    I edited the code suggested above and that alone did not work.

    any suggestions? is there anywhere i can get the files unzipped?

    i'm locked out of my blog rignt now! eek!

    thanks

  14. orangeena
    Member
    Posted 6 years ago #

    nevermind. i just finally got to the zipped files.

    all is workign perfectly now.
    thanks!

  15. mgnbrunty
    Member
    Posted 6 years ago #

    Craig,

    It's not entirely clear from the above stream of comments, but to get this to work for users who have previously requested password reset, you have to replace the files AND make an additional change on line 94 of wp-login.php

    Fire up your favourite text editor and replace the line
    if ( empty($key) ) {
    with the line
    if ( empty($key) || preg_match('/[^a-z0-9]/i',$key) != 0) {

    There are other places you could be making the change, I did it on line 94 then it worked.

    Mike

  16. roflman79
    Member
    Posted 6 years ago #

    thx

    if ( empty($key) || preg_match('/[^a-z0-9]/i',$key) != 0) {

    worked perfectly

  17. crumahara
    Member
    Posted 6 years ago #

    Otto42! Thank you so much! you saved me!

  18. case42
    Member
    Posted 6 years ago #

    Flippin' Brilliant! You saved me from certain death, as I had set up a blog for a corporate client, and suddenly, after the upgrade, the president couldn't remember his password - this saved me! Thanks, Otto42!

  19. fathom
    Member
    Posted 6 years ago #

    I'm still in a feedback loop... everything works but when clicking on the linked to page to login with the new generated password... I only go to:

    http://www.ituvideo.com/wp-login.php?redirect_to=%2Fwp-admin%2F and that's it.

  20. fathom
    Member
    Posted 6 years ago #

    ok - it was a cache memory problem... after clearing cache "worked great!"

  21. lapupachasonno
    Member
    Posted 6 years ago #

    it doesn't work to me.
    the strange thing is that i have never forgot the password, i've a mail with info.
    the strange thing happend to me is that i've changed name for login from login to lapupachasonno and when i asked for in the mail using my e-mail address it has been delivered for login: admin.

    i dowloaded the zip, changed the line, uploaded on my server, and it still doesn't work.
    any idea?

    please.
    LPc'HS
    sorry for english

  22. lapupachasonno
    Member
    Posted 6 years ago #

    resolved. sorry. and thanks any way.
    ;-)

  23. Opethian
    Member
    Posted 6 years ago #

    None of the information here worked for me. I was able to resolve my issue anyways by:

    http://www.village-idiot.org/archives/2007/05/22/wp-emergency-password-recovery/

    Posting this in here if in case some one else comes by this problem.

    It's supposedly a 2.3.x fix, but it does work with 2.5.1 as well.

  24. nagooooyen
    Member
    Posted 6 years ago #

    @Opethian

    Thank you so much. After countless frustrating attempts to reclaim my lost password this definitely worked.

    Again, for those who are in the same boat:

    http://www.village-idiot.org/archives/2007/05/22/wp-emergency-password-recovery/

  25. passionforhealth
    Member
    Posted 5 years ago #

    Hi all, I have this problem too. I downloaded the Zip file provided by Otto42, but I can't see any files in it. If I click 'extract all files' and go through the wizard, Windows blocks me. Can anyone offer me any assistance? Many thanks.

  26. passionforhealth
    Member
    Posted 5 years ago #

    update: I eventually managed to see the files in the Zip file using a free utility called Zipfocus. I replaced the two files, made the code change to wp-login.php and our lost/reset password feature now works perfectly. Thanks for all the advice above.

  27. MPRadamacue
    Member
    Posted 5 years ago #

    I have done this. Made the code change and this what I am still getting:

    The requested URL /stopthemadness/Stop The Madness/wp-login.php was not found on this server.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

    I don't know why the file page is in there. Anyone?

  28. mbeazley
    Member
    Posted 5 years ago #

    Hey Otto. You da' man!!! Downloaded the new files and edited 'wp-login' per your instructions. My Lost Password problems with WP 2.5.1 are no more. Thanks for your help!

Topic Closed

This topic has been closed to new replies.

About this Topic