wp_lostpassword_url redirect errors?

  • So I guess this is an issue that’s bound to have come up –

    I want to use WP login without showing users the backend (or even that it’s built on WP really). All is smooth except:

    When a user uses the lost password reset, and enters an invalid username/email. Then, it redirects to the backend login instead of my reset page. If it’s a valid username or email, it shows the correct view. But really, how many people that forget a password aren’t going to forget their username or the email they signed up with?

    Help? Advice? Is this a bug, or is it something that I can get around some other way?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    Where is your lost password form action going to? if it’s to wp-login.php, try adding a hidden field named “redirect_to” with an appropriate value to your form. Any errors like bad usernames should then redirect to that value’s location.

    Thread Starter Alice Brosey

    (@ambrosey)

    I have done that… it works if it’s a correct username/email, but not on fail. 

    <form method="post" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" class="wp-user-form">
        <div class="username">
          <label for="user_login" class="hide"><?php _e('Username or Email'); ?>: </label>
          <input type="text" name="user_login" value="" size="20" id="user_login" tabindex="1001" />
        </div>
        <div class="login_fields">
          <?php do_action('login_form', 'resetpass'); ?>
          <input type="submit" name="user-submit" value="<?php _e('Reset my password'); ?>" class="user-submit" tabindex="1002" />
          <?php $reset = $_GET['reset']; if($reset == true) { echo '<p>A message will be sent to your email address.</p>'; } ?>
          <input type="hidden" name="redirect_to" value="<?php echo $_SERVER['REQUEST_URI']; ?>?reset=true" />
          <input type="hidden" name="user-cookie" value="1" />
        </div>
      </form>
    Moderator bcworkz

    (@bcworkz)

    I see, thanks for clarifying. Somehow, the value must be getting lost in the process somewhere, or the url you are passing is considered invalid for some reason and is discarded. All I can suggest is tracing through the process to determine where and why things are falling apart.

    This would involve trial placement of var_dump($some_useful_var); wp_die(); lines at various places in the core code, then attempting a reset of a bad username. Rinse and repeat. Be sure you have the original files backed up before you muck around. It’s a tedious process, but it should yield results.

    You can start at wp-login.php at line 422. If that checks out, start tracing into wp_safe_redirect() in pluggable.php. Good luck!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘wp_lostpassword_url redirect errors?’ is closed to new replies.