Critical error when setting new user password

  • Hi,

    Over the past few weeks new users get an error message when their registration email is sent and they click on the link to create their password. The page loads, the user enters their password, and when they click Reset Password, it returns the following:

    There has been a critical error on your website.
    Learn more about debugging in WordPress.

    Here’s what the log shows:

    [03-Dec-2019 02:44:20 UTC] PHP Fatal error: Uncaught Error: Call to a member function exists() on null in /wordpress/core/5.3/wp-includes/user.php:1365
Stack trace:
#0 /wordpress/core/5.3/wp-includes/pluggable.php(2532): clean_user_cache(NULL)
#1 /wordpress/core/5.3/wp-includes/user.php(2453): wp_set_password('ChangeMe12345', NULL)
#2 /srv/htdocs/wp-content/plugins/uncanny-learndash-toolkit/src/classes/frontend-login-plus.php(1806): reset_password(Object(WP_Error), 'ChangeMe12345')
#3 /wordpress/core/5.3/wp-includes/class-wp-hook.php(288): uncanny_learndash_toolkit\FrontendLoginPlus::validate_reset_password('')
#4 /wordpress/core/5.3/wp-includes/class-wp-hook.php(312): WP_Hook->apply_filters(NULL, Array)
#5 /wordpress/core/5.3/wp-includes/plugin.php(478): WP_Hook->do_action(Array)
#6 /wordpress/core/5.3/wp-settings.php(523): do_action('init')
#7 /srv/htdocs/wp-config.php(84): require_once('/wordpress/core...')
#8 /wordpress/core/5.3/wp-load.php(42): require_once('/srv/htdocs/wp-...')
#9 /wordpress/core/5.3/wp-blog-header.php(13): require_once('/wordpress/core...')
#10 /wordpress/core/5.3/index.php(17): require('/wordpress/core...')
#11 {main}
thrown in /wordpress/core/5.3/wp-includes/user.php on line 1365

    It doesn’t look like there’s any caching on that page. I’ve tried disabling all other plugins and it still won’t work.

    We’re using the WP 5.3 and the latest version of Uncanny.

    Help?

Viewing 15 replies - 1 through 15 (of 18 total)
  • Plugin Author Uncanny Owl

    (@uncannyowl)

    Hi, we haven’t seen this one before but we definitely want to better understand what’s happening. Can you provide a screenshot somehow of your Front End Login settings? Can you also confirm if you’re using any other plugins that might modify registration or login, such as plugins that force strong passwords, recaptcha, anything like that? If you do use something like that, can you confirm which plugins? And if you have a Staging site, can you confirm whether you still have the fatal error if the ONLY plugin that’s active is the Toolkit?

    Thanks

    Thread Starter nuthole2003

    (@nuthole2003)

    Here are the Reset Password settings for the front-end login:

    View post on imgur.com

    View post on imgur.com

    View post on imgur.com

    Here’s a few screenshots of all the active plugins:

    View post on imgur.com

    View post on imgur.com

    We don’t use anything to force strong passwords (I did try a strong password with the password reset anyhow and still the same result). No recaptcha either.

    I don’t have a staging site setup right now, but I did disable ALL plugins accept the Toolkit and still had the same error. I originally went through and disabled plugins one at a time to see if it was one of the plugins causing the error until I ended up with just the Toolkit enabled.

    Thread Starter nuthole2003

    (@nuthole2003)

    Any ideas on this?

    Plugin Author Uncanny Owl

    (@uncannyowl)

    We’re still not able to reproduce this issue, so we suspect it’s something at the host level. Can you tell us what host you’re with? Sometimes hosts add custom functionality that’s not listed on the plugins page. Can you also see if there’s anything listed under Plugins Installed Plugins > Must Use (at the top of the plugins page)?

    Thread Starter nuthole2003

    (@nuthole2003)

    The site is hosted with Pressable. “Must Use” doesn’t come as an option when I go to Plugins > Installed Plugins.

    I’ll check with the host and see what they’ve got…

    Thread Starter nuthole2003

    (@nuthole2003)

    Okay, I had the host (Pressable) look into this, and here’s the debug log when they ran a test to set/reset the password:

    #1 /wordpress/core/5.3/wp-includes/user.php(2453): wp_set_password(‘REDACTED', NULL)
#2 /srv/htdocs/wp-content/plugins/uncanny-learndash-toolkit/src/classes/frontend-login-plus.php(1806): reset_password(Object(WP_Error), ‘REDACTED')
#3 /wordpress/core/5.3/wp-includes/class-wp-hook.php(288): uncanny_learndash_toolkit\FrontendLoginPlus::validate_reset_password('')
#4 /wordpress/core/5.3/wp-includes/class-wp-hook.php(312): WP_Hook->apply_filters(NULL, Array)

    “REDACTED” is where they attempted to set the password. Initially, Pressable said from that, “It seems like Uncanny is passing off the password without the username…”

    They followed up after digging a bit deeper and said the following:

    I was able to reproduce the critical error, but only after trying to reset the password twice. In other words, if I reset the password, follow the reset link and type my new password, it works on the first go. If I try it again, then it fails.

    The reason for this is because the token/key used to reset the password expires after the first attempt.

    The uncanny-learndash-toolkit plugin developers should create some sort of exception to test for the validity of the password reset token.

    That’s beyond my scope, and it seems to be happening on the first try when new users are sent the email to set their password.

    Any ideas as to what would be the best course of action?

    I’m having this exact issue and my host Siteground identified it was the uncanny-learndash-toolkit. Error debug below.

    Fatal error: Uncaught Error: Call to a member function exists() on null in /home/labanima/public_html/researchanimaltraining.com/wp-includes/user.php:1365 Stack trace: #0 /home/labanima/public_html/researchanimaltraining.com/wp-includes/pluggable.php(2532): clean_user_cache(NULL) #1 /home/labanima/public_html/researchanimaltraining.com/wp-includes/user.php(2453): wp_set_password(‘T9ajgM5TX4DGHZH’, NULL) #2 /home/labanima/public_html/researchanimaltraining.com/wp-content/plugins/uncanny-learndash-toolkit/src/classes/frontend-login-plus.php(1806): reset_password(Object(WP_Error), ‘T9ajgM5TX4DGHZH’) #3 /home/labanima/public_html/researchanimaltraining.com/wp-includes/class-wp-hook.php(288): uncanny_learndash_toolkit\FrontendLoginPlus::validate_reset_password(”) #4 /home/labanima/public_html/researchanimaltraining.com/wp-includes/class-wp-hook.php(312): WP_Hook->apply_filters(NULL, Array) #5 /home/labanima/public_html/researchanimaltraining.com/wp-includes/plugin.php(478): WP_Hook->do_action(Array) #6 /home/labanima/public_h in /home/labanima/public_html/researchanimaltraining.com/wp-includes/user.php on line 1365

    They disabled the plugin and the issue has stopped but my site uses FrontEndLogin so it would be great to get a fix. Please advise.

    Plugin Author Uncanny Owl

    (@uncannyowl)

    Hi all, sorry for the delay. We’re still looking at this issue; Pressable seems to have suggested the cause is reusing a previously used reset password link, but Jon’s experience suggests it’s a more common occurrence.

    Can either of you provide additional detail on what plugin you’re using to enable users register on your site? That may provide some additional clues. Jon, are you seeing the errors occur on initial password reset right after registration as well?

    Thread Starter nuthole2003

    (@nuthole2003)

    We use LearnDash LMS and integrate it with SamCart. We also have Wishlist installed, really just to limit access to one or two pages that LearnDash keeps public that we would prefer to be private and for users only. I have Wishlist set to NOT manage the password or require a strong password, and the issue still persists even if I disable Wishlist.

    Anyhow, users purchase a course via SamCart, and the integration automatically registers the new user with the email address they used on checkout, and it sends the WordPress default new user registration email with password reset link to the new user.

    I have another plugin installed, WP Core Emails Pro, which simply allows me to edit and style the WordPress default emails.

    I set all this up back in June, and it’s been running relatively smoothly up until about a month ago.

    Plugin Author Uncanny Owl

    (@uncannyowl)

    Hi all, we’ve got a preliminary fix in place, but we’d like to validate it on sites that are experiencing the issue prior to release (so far we are unable to replicate the issue on our development servers).

    Can you test the following pre-release version of the plugin on a staging copy of your site to see if it resolves the error?

    https://wetransfer.com/downloads/fcd84214e49d4df2cd39fae6247a852220191223195659/17d647c86886eed1d298ca28223286e120191223195659/c55ed1

    Thanks!

    Thanks for looking at this for us. My site is still in beta and quiet over the festive season so I’ve installed the pre-release version of the plugin on my main site. It’s not all users who have an issue. I manually create accounts so I will continue to do so and see if get any more complaints from users. Thanks.

    Thread Starter nuthole2003

    (@nuthole2003)

    Sorry, I’ve been out for the holidays. Could you please upload that again and I’ll give it a whirl? Thanks!

    Hello. Has this issue been resolved?

    I’m still getting occasional complaints where users can’t reset their password successfully.

    They are taken to this page …/?action=validatepasswordreset&issue=expiredkey and receive the error “Invalid password reset link.”

Viewing 15 replies - 1 through 15 (of 18 total)
  • The topic ‘Critical error when setting new user password’ is closed to new replies.