Custom password reset link

  • Resolved meadows19

    (@meadows19)


    7 years, 1 month ago

    Hello,

    I’m using a membership plugin (Restrict Content Pro) which has its own login and reset password page.

    When I request a reset password link, that plugin sends me this link:
    https://www.example.com/login/?rcp_action=lostpassword_reset&key=btFhTyhg5wrlLQwPHLr8&login=jimbob%40gmail.com

    However, when I use the Better Notifications email, and use the [password_reset_link] code, the email gets sent with this link, which doesn’t work:
    https://www.example.com/login/?action=rp&key=qYLgdK8Qa579yDglqEhg&login=jimbob@gmail.com

    Is there a way I can change the link in the email to be the same as the one generated by the plugin, which is what actually works to reset the password? You can see the code they’re using to generate the link here: https://github.com/restrictcontentpro/restrict-content-pro/blob/master/includes/login-functions.php

    Thank you kindly for your help.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter meadows19

    (@meadows19)

    7 years, 1 month ago

    Basically, all I need to change from the original link is:

    action=rp into rcp_action=lostpassword_reset

    and then it works.

    and maybe the @ sign (or any + signs) should be sanitised too in the future if possible.

    • This reply was modified 7 years, 1 month ago by meadows19.
    Plugin Author bnfw

    (@voltronik)

    7 years, 1 month ago

    Hi @meadows19,
    Thanks for your message.

    Your right in that would be useful. Currently there’s no way to change this within BNFW but it is something I have on the roadmap.
    For now, unless you’re happy re-writing the lost password reset URL on the fly using some kind of regex redirection then I’m not sure how possible it will be to do this unless RCP has an option to disable their functionality that they add to the URL.

    Thanks,
    Jack

    Thread Starter meadows19

    (@meadows19)

    7 years, 1 month ago

    Hello,

    Thank you very much for your ideas.

    I looked into regex redirection as you mentioned and found that using a plugin called ‘Redirection’ I can use this regex:

    replace /(\?action=rp&key=)(.*)
    with \?rcp_action=lostpassword_reset&key=$2

    and that seems to do the job.

    It’s less than ideal because I already have about 60(!) plugins on my site, and I’m loath to add a significant new one (Redirection) just for this one-off small job.

    I’d much rather just go into the code for BNFW and, say, edit any reference to action=rp and replace it with rcp_action=lostpassword_reset.

    Not a good idea to edit plugin code, I know, but I actually tried that first and I couldn’t get it to work.

    Is there any way of doing that? If not, I guess I’ll just have to stick with the Redirection solution for now.

    Plugin Author bnfw

    (@voltronik)

    7 years, 1 month ago

    Hi @meadows19,
    Glad it’s working with the regex redirection using the Redirection plugin.

    I use that plugin too and the main BNFW website is running over 60 plugins so understand your concern to add another one. It’s possible you can do this in your htaccess file instead (if you have access) which might be a better option for you if you don’t think you’ll need to add further redirects in the future.

    I’ve added details of plugins that modify the password reset url in this way to the roadmap in the hope that I can provide better compatibility in the future.

    Thanks,
    Jack

    Thread Starter meadows19

    (@meadows19)

    7 years, 1 month ago

    Thank you, I will look into modifying the htaccess file as you suggested.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Custom password reset link’ is closed to new replies.