Lost/Reset Password no longer working

  • Resolved Andy Feliciotti

    (@someguy9)


    11 years, 10 months ago

    I noticed with WP 3.9.2 when you get the email to reset your password it removes the get variable in the url for the key (unlike 3.9.1) but this causes the password reset to break since your plugin calls for the get variables instead of grabbing the new cookie in 3.9.2… I just wanted to make sure I’m not the only one with this issue.

    Cheers!

    https://wordpress.org/plugins/login-security-solution/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter Andy Feliciotti

    (@someguy9)

    11 years, 10 months ago

    Revisiting this I think it’s just not correctly displaying errors, for example if you give an insecure password it’ll just say incorrect key without an error explaining why

    Thread Starter Andy Feliciotti

    (@someguy9)

    11 years, 10 months ago

    Okay well I found the fix for the glitch in 3.9.2 in this plugin… basically it’s using get when it should be using the cookie

    Around line 2460 this is the code I used to fix the issue for password resets

    $rp_cookie = ‘wp-resetpass-‘ . COOKIEHASH;

    if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ‘:’ ) ) {
    list( $rp_login, $rp_key ) = explode( ‘:’, wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
    }

    if ($action == ‘rp’) {
    $uri .= ‘&key=’ . urlencode(@$rp_key);
    $uri .= ‘&login=’ . urlencode(@$rp_login);
    }

    Plugin Author Daniel Convissor

    (@convissor)

    11 years, 10 months ago

    Thanks again for the pull request and bringing this to my attention. Fixed in release 0.45.0.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Lost/Reset Password no longer working’ is closed to new replies.