So I did a little digging on this:
WordPress 4.2.3 had
$hashed = $wp_hasher->HashPassword( $key );
WordPress 4.3 has
$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
TML 6.3.9 has
$key = wp_generate_password( 20, false );
do_action( 'retrieve_password_key', $user_login, $key );
// Now insert the new md5 key into the db
$wpdb->update( $wpdb->users, array( 'user_activation_key' => $key ), array( 'user_login' => $user_login ) );
TML 6.3.12 has
$key = wp_generate_password( 20, false );
do_action( 'retrieve_password_key', $user_login, $key );
// Now insert the key, hashed, into the DB.
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
$hashed = $wp_hasher->HashPassword( $key );
$wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
So there’s actually two issues in here in TML 6.3.12. The first one is that $key is generated but never actually used now. The second is that $hashed does not add the timestamp wordpress expects. TML still relies on the wordpress function check_password_reset_key() which is expecting the timestamp.
This appears to be fixed in TML 6.4.1 beta
I am still getting this error on 6.4-beta2 the key expires right after it is created.
Hello, great plugin, but yes, I am still getting the key expiration error with 6.4-beta2 or (6.3.12). I have tried deactivating and reactivating to no avail.
Are either of you hosted at WPEngine or another host using Nginx?
I am not I am running on easyapache though my own webserver that runs cpanel.
Same issue here running TML 6.3.12. Site hosted on SiteGround.
Updated to TML 6.4.1 beta and all is well
Hello, I’m hosted on SiteGround (cpanel).
The Static Cache is suitable for all kinds of web sites. It is enabled by default for all SiteGround shared accounts.
https://www.siteground.com/tutorials/supercacher/static_cache.htm
I am with WPEngine (since you asked above) – is there anything I should know? I need to fix the password rest issue. (Just found the 6.4 Beta 2)
Try updating the Authentication Unique Keys section in wp-config.php
I had the same problem and this solved the issue. Here
Before making changes please backup.
I did update the auth keys – both prior to (days ago) and after installing the beta. I purged the WPEngine cache.
I should mention that I have a custom login-form.php in a child theme – would that have anything to do with my issue? – I updated to include the changes – still does not work.
I was able to make the password change once, but I realized that was only because when I clicked the email link it opened in a browser which I was already logged in as under a different user (admin).
Hello, I tried purging and turning off all caching on SiteGround. I also purged all cookies and history from my browser. I am still having the key expiration issue with 6.4-beta2 (6.3.12). Please help! My site has been down for days and my users are getting quite angry. Thanks!
