Where is your lost password form action going to? if it’s to wp-login.php, try adding a hidden field named “redirect_to” with an appropriate value to your form. Any errors like bad usernames should then redirect to that value’s location.
I have done that… it works if it’s a correct username/email, but not on fail.
<form method="post" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" class="wp-user-form">
<div class="username">
<label for="user_login" class="hide"><?php _e('Username or Email'); ?>: </label>
<input type="text" name="user_login" value="" size="20" id="user_login" tabindex="1001" />
</div>
<div class="login_fields">
<?php do_action('login_form', 'resetpass'); ?>
<input type="submit" name="user-submit" value="<?php _e('Reset my password'); ?>" class="user-submit" tabindex="1002" />
<?php $reset = $_GET['reset']; if($reset == true) { echo '<p>A message will be sent to your email address.</p>'; } ?>
<input type="hidden" name="redirect_to" value="<?php echo $_SERVER['REQUEST_URI']; ?>?reset=true" />
<input type="hidden" name="user-cookie" value="1" />
</div>
</form>
I see, thanks for clarifying. Somehow, the value must be getting lost in the process somewhere, or the url you are passing is considered invalid for some reason and is discarded. All I can suggest is tracing through the process to determine where and why things are falling apart.
This would involve trial placement of var_dump($some_useful_var); wp_die(); lines at various places in the core code, then attempting a reset of a bad username. Rinse and repeat. Be sure you have the original files backed up before you muck around. It’s a tedious process, but it should yield results.
You can start at wp-login.php at line 422. If that checks out, start tracing into wp_safe_redirect() in pluggable.php. Good luck!
