Link in reset password email blocked (Force Login plugin support)

  • Resolved DomMusic

    (@dommusic)


    I know this issue has been mentioned but I am still experiencing problems with the password reset link being sent to users via email. I do have a custom login page but the PW reset page seems to be the standard WP one.
    When logged in I get to the reset password page:
    [domain]/wp-login.php?action=rp

    When logged out and clicking the link in the email I am being redirected to my custom login page like this:
    [domain]/log-in/?redirect_to=/wp-login.php?action=rp&key=[key]&login=[username]

    https://wordpress.org/plugins/wp-force-login/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Kevin Vess

    (@kevinvess)

    Unfortunately, this sounds like an issue caused by your custom login URL.

    Force Login whitelists the WordPress login/register/lost-password, etc. URLs by way of the built-in function wp_login_url().
    https://codex.wordpress.org/Function_Reference/wp_login_url

    I wonder if the way your custom login URL is being applied has caused wp_login_url() to return your custom URL instead of the default WordPress ones – thus Force Login is no longer whitelisting the original login URLs because it’s been replaced.
    https://codex.wordpress.org/Plugin_API/Filter_Reference/login_url

    Try adding the following code to your theme’s functions.php file:

    /**
     * Filter Force Login to allow exceptions for specific URLs.
     *
     * @return array An array of URLs. Must be absolute.
     **/
    function my_forcelogin_whitelist( $whitelist ) {
      // Get visited URL without query string
      $url_path = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']);
    
      // Whitelist URLs
      if( '/wp-login.php' === $url_path ) {
        $whitelist[] = site_url($_SERVER['REQUEST_URI']);
      }
      return $whitelist;
    }
    add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist', 10, 1);

    DomMusic

    (@dommusic)

    Thanks, I am already using a whitelist function. I realized I had to use URLs with and without / for it to work. How would I include your code above in this?

    function my_forcelogin_whitelist() {
      return array(
        site_url( '/' ),
        site_url( '/about' ),
        site_url( '/about/' ),
        site_url( '/wp-login.php?action=lostpassword' ),
        site_url( '/wp-login.php?action=rp' ),
        site_url( '/login'),
        site_url( '/login/')
    
      );
    
    }
    
    add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist', 10, 1);

    Thanks!

    Plugin Author Kevin Vess

    (@kevinvess)

    Try replacing your whitelist function with the one below:

    /**
     * Filter Force Login to allow exceptions for specific URLs.
     *
     * @return array An array of URLs. Must be absolute.
     **/
    function my_forcelogin_whitelist( $whitelist ) {
      // Get visited URL without query string
      $url_path = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']);
    
      // Whitelist URLs
      if( '/wp-login.php' === $url_path ) {
        $whitelist[] = site_url($_SERVER['REQUEST_URI']);
      }
      $whitelist[] = site_url( '/' );
      $whitelist[] = site_url( '/about/' );
      $whitelist[] = site_url( '/login/' );
      return $whitelist;
    }
    add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist', 10, 1);

    Also, you might want to look into fixing or changing how you’ve configured your custom login URL – there might be a way to also pass the lost-password URLs through the custom URL and eliminate this need to whitelist the original WordPress login URL.

    I think you might need help beyond what I can give on this. Thanks for using my plugin and good luck!

  • The topic ‘Link in reset password email blocked’ is closed to new replies.
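
An added example, not part of the thread and not Force Login's own code: one way to cover the trailing-slash and query-string variants discussed above by matching on the request path and denying everything else. It assumes, as the replies imply, that Force Login compares the full visited URL against the whitelist and that WordPress is installed at the domain root; the function names and sample URIs are made up for illustration.

```php
<?php
// Added example, not Force Login's own code. Function names are hypothetical.

// Paths that stay public; list each one once, without a trailing slash.
function my_public_paths() {
  return array( '/', '/about', '/login', '/wp-login.php' );
}

// True when the path part of $request_uri is exactly a listed path,
// with or without one trailing slash. Anything else fails closed.
function my_path_is_public( $request_uri, array $paths ) {
  $path = explode( '?', $request_uri, 2 )[0]; // drop the query string
  foreach ( $paths as $allowed ) {
    $base = rtrim( $allowed, '/' );           // '/' becomes ''
    if ( $path === $base . '/' || ( '' !== $base && $path === $base ) ) {
      return true;
    }
  }
  return false;
}

// Whitelist the visited URL itself, query string included, when its path is public.
function my_forcelogin_whitelist_by_path( $whitelist ) {
  $uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '';
  if ( my_path_is_public( $uri, my_public_paths() ) ) {
    $whitelist[] = site_url( $uri );
  }
  return $whitelist;
}

if ( function_exists( 'add_filter' ) ) {
  // Inside WordPress: register on the filter used in the thread.
  add_filter( 'v_forcelogin_whitelist', 'my_forcelogin_whitelist_by_path', 10, 1 );
} else {
  // Run directly with the PHP CLI: constructed request URIs, no WordPress needed.
  $samples = array(
    '/about',
    '/about/?ref=mail',
    '/wp-login.php?action=rp&key=KEY&login=USER',
    '/about-us/',
    '//about//',
    '/members/?redirect_to=/about/',
  );
  foreach ( $samples as $uri ) {
    $verdict = my_path_is_public( $uri, my_public_paths() ) ? 'public' : 'login required';
    printf( "%-45s %s\n", $uri, $verdict );
  }
}
```

Because only the path is compared, a protected page cannot be made public by placing a whitelisted path in its query string, and doubled slashes or near-miss paths such as /about-us/ stay behind the login.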