• Plugin Author Jeff Farthing

    (@jfarthing84)


    This thread is meant to be the “goto” source for the current number one problem plaguing TML users – the password reset issue. There are a few known problems along with a few solutions that I will outline below.

    Password reset form is unusable
    WordPress 4.3 changed the way that the password reset process is presented. Instead of typing the password twice, you are presented with a single field which has an auto-generated password already in it. You can manually change this to something of your liking, if you wish.

    TML has not yet been updated to be compatible with this new experience. However, TML 6.4 RC1 has just been released, which means that the official fix is right around the corner.

    Password reset always returns an invalid key error
    Before WordPress 4.3, not sure exactly when, the password reset process was also changed. When you reset your password, you get an email with a link to click to perform the actual reset. This link includes a secure reset key. The problem was, this key was passed around in the URL, potentially in the clear if not using SSL. So the WP developers changed the code to store the password reset key in a cookie when you fist click the link from your email. This is all fine and dandy.

    The problem with this cookie method and TML arises when you either use a page caching plugin or are using a host who employs their own caching method, which is very common for WP specialized hosting. These hosts exclude wp-login.php from their caching system. However, as you know, TML takes this process and puts it into a regular WP page, which isn’t excluded from these types of caching systems.

    The answer to this is actually quite simple. You either exclude the Reset Password page from your caching plugin or ask your host to do it.

    https://www.ads-software.com/plugins/theme-my-login/

Viewing 15 replies - 1 through 15 (of 77 total)
  • Hello Jeff,
    after creating a new user, wordpress will propose a password and send an email with a link directed to the resetpass page.
    In this page, the user is proposed to create a password. When typing it in the relevant box, a second box is showing what the user is typing.
    Then once this is done, the user is requested to type the password on a 3rd box “Confirm new password” but here is the problem.
    Each character that is typed in the 3rd box will clear the 1st and the 2nd box with only one character.
    If I choose “password” as the password, I would then first type on the 3rd box “p” and that would replace “password” by “p” on the 1st and the 2nd box. Then I would type “a” and that would would replace “p” by “a” on the 1st and the 2nd box…
    So I cannot have the same password on the three boxes and I am blocked.
    I hope I am clear enough.
    I am on WordPress 4.3
    Thank you for your help, best regards, Stephan

    Using 6.4-RC1:

    Chrome DevTools is open with “Disable cache (while DevTools is open)” option selected and no caching plugin on the server.

    The “Password reset always returns an invalid key error” issue still exists for me. Please let me know if I can provide more information. I can step through the code via Xdebug if you have a specific variable or control flow you want me to check.

    Thanks.

    With TML 6.4 RC 1, but password reset form is still unusable – when I try to type the password confirmation, the first field resets and I always get Passwords do not match error. Is this gonna be the final version?

    Though, there is no key expired error.

    Mike

    (@thewordpressdude)

    I installed the TML 6.4 RC1 update and it seems to work great with 4.3, and even 4.3.1. I was able to reset my password and it all went well.
    Thanks,
    Mike

    Okay, I found the root of the issue, I had customized profile and password reset pages under my theme folder, they were taking over new TML beta pages.
    All looks to be fine!
    Thanks

    Plugin Author Jeff Farthing

    (@jfarthing84)

    @lkagan Using Chrome’s dev tools, look at the Network tab and make sure that “Preserve log” is checked. Directly copy/paste the reset link into the browser. The first request should issue a redirect with a cookie attached to it. The second request should also contain that cookie. Start there.

    P.S. The “Disable cache” option only disables your browser’s cache, not server side caching.

    watching for updates

    I have two similar (same theme) websites with TML. With both sites, I’ve updated to WP 4.3.1 and TML 6.4. On one site, everything is working great. On the site that uses SSL and W3 Total Cache, everything works except when resetting a password, it says key is invalid. W3 Total Cache is only caching static files and serving them from a CDN, so it’s not caching pages. Regardless, I deactivated it, but that didn’t solve the problem. I notice that when I click the lost password link, there’s a redirect that strips the query string and saves a cookie. The correct key and username/email is stored in the cookie. But the hidden fields “key” and “login” on the reset-password page are left blank. Since the only difference between the 2 sites is SSL, my guess is there is a problem reading the cookie when using https?

    hello all,
    as far as I was concerned, it looks like I had too many extensions working on (TML, SB Welcome Email Editor, WP Better Emails)
    I only kept TML and now it is working fine although my emails is not a nice as they were before but I can cope with this.
    So I am not sure the issue I had was related to TML.
    Best regards, Stephan

    woops, nevermind. Like kseniyasqo found previously, those hidden fields on the reset pass form have been updated with 6.4, and when I include those changes (using the $GLOBALS variable) and rp_key in my template the key is valid and the password is reset! Thanks for the great plugin!

    Hi Jeff,

    first at all, thanks for your work and time to develop this great plugin!
    Like some others, I have the “invalid key error”-issue.
    I contacted my hoster to remove pages form the server cache to try to solve the issue.
    They excluded /wp-content/plugins/theme-my-login/templates/resetpass-form.php but that does not solve the problem.
    Can you be more specific, which pages needs to be excluded?

    Thanks in advance,
    Jan

    FYI: using WP 4.3.1. and TML 6.4

    Ok thank you for the great plugin ??

    I’m having similar issues, except with mine it’s saying “Your password reset link appears to be invalid. Please request a new link” (even though they just did the reset link and are entering the correct auto-generated password), yet it actually is logging them in (giggle). Is it just getting redirected wrong or something? It seems so close to working…

    I’m thanking anyone that can help up front!

    Hi all,

    Theme my login 6.4 has fixed the reset password invalid key error. But actually in the bad way, it show me new password below the password field.
    Does anyone meet this issue? How to fix it officially.

    Thanks and regards!

    Ok i’m glad they fixed the invalid KEY error.

    But…

    What about what I was asking about in my post above, where it’s saying: “Your password RESET LINK appears to be invalid. Please request a new link” (even though they just did the reset link and are entering the correct auto-generated password)… I’m still getting this error.

    Does anyone know about this issue?

    Is the reset password invalid key error that star_movie_02 is mentioning the same thing as the password reset link error that I’m getting??

    Help lol ??

    Plugin Author Jeff Farthing

    (@jfarthing84)

    @fourwhitesocks Are you using the Custom Redirection moule with referer setting by any chance?

Viewing 15 replies - 1 through 15 (of 77 total)
  • The topic ‘Password Reset Issues’ is closed to new replies.