Following Up
-
Hi,
Just something I noticed in the changelog to the latest version:
I mentioned a few threads ago that when a user registers, and they get an email to activate their account, that the full WordPress login info (including any hidden login information) was then transmitted to the user, which is why I turned this feature off.
Is this option now repaired, or is it still a WordPress issue?
-
Yes, it should work fine now.
Just enable back the “Email Confirmation” option for registration in Forums > Settings > Features admin page. Make sure these options are set correctly in the same admin page:- Yes | Enable User Registration email confirmation
- No | Replace Registration Page URL to Forum Registration Page URL
- No | Replace Login Page URL to Forum Login Page URL
- Yes | Replace Reset Password Page URL to Forum Reset Password Page URL
Then make sure these three options are enabled in Dashboard > Forums > Settings > Email admin page:
- Yes | Overwrite WordPress New User Registration Email for Admins
- Yes | Overwrite WordPress New User Registration Email for Users
- Yes | Overwrite WordPress Reset Password Emails
It’s still not working I’m afraid, the emails are still showing the hidden login url’s.
In fact it’s gotten worse:
On a ‘lost password’ password reset, wheras before the hidden login was NOT specified, it is now specified.
I’ll try turning off the ‘Replace Reset Password Page URL to Forum Reset Password Page URL’ and see what happens.
*edit*
No good I’m afraid – turning off the reset password page url throws up the login page url, complete with the hidden login details.
- This reply was modified 4 years, 7 months ago by deeveearr.
Please don’t turn that option off!
Again, make sure all these options are set correctly, I changed the 3rd to YES:In Forums > Settings > Features admin page. Make sure these options are set correctly in the same admin page:
Yes | Enable User Registration email confirmation
No | Replace Registration Page URL to Forum Registration Page URL
Yes | Replace Login Page URL to Forum Login Page URL
Yes | Replace Reset Password Page URL to Forum Reset Password Page URLThen make sure these three options are enabled in Dashboard > Forums > Settings > Email admin page:
Yes | Overwrite WordPress New User Registration Email for Admins
Yes | Overwrite WordPress New User Registration Email for Users
Yes | Overwrite WordPress Reset Password Emails- This reply was modified 4 years, 7 months ago by gVectors Team.
I’ve already tried a password reset using the above options, and it sends the hidden login url instead of the /community/?foro=resetpassword etc link.
Rolled it all back using WP Rollback to version 1.7.2 with the settings of:
NO | Enable User Registration
YES | Replace Registration Page URL to Forum Registration Page URL
YES | Replace Login Page URL to Forum Login Page URL
YES | Replace Reset Password Page URL to Forum Reset Password Page URL…and it all works like it did yesterday with no hidden url’s showing on the reset password links.
Please never roll it back, because your forum will not have a future. Something is wrong on your website, and it should be checked deeply. You can test it on all other wpForo forums and see that there is no such problem. For deeper support please open a new support topic in wpForo community.
Rolling back is the worst thing you can do for your forum. It’s better uninstall than rolling back and wait for some magic. There will not be any change and fix related to this issue, because this issue doesn’t exist in all other forums. This is a website specific issue and need to be deeper debugged directly on your website. So, to continue this support you should open a new topic in wpForo Community and refer to this topic.
- This reply was modified 4 years, 7 months ago by gVectors Team.
I can’t really see how it’s site specific actually, as I initially enquired whether any hidden login url’s would show, or be properly hidden.
The only thing that changed following the update was that the ‘reset password’ link is now also showing the hidden login credentials, wheras before, it was not.
Are there any wpforo forums, that are running the latest version where I can test out the email reset password sending, and the forum reset password sending, please?
Testing it out on the WPForo support forum:
Just registered and it showed this in my email:
https://wpforo.com/wp-login.php?action=rp&key=lyGEzb1f24ExqTkecuPk&login=DeeVeeArr
Note the /wp-login.php in the link – this would translate to my hidden login credentials instead of wp-login on my own website.
The reset password link seems to be working on the WPForo support forum as on trying to get a new password, I’m getting:
/community/?foro=resetpassword&rp_key=xYfZx5LA6o9H7OPp2LAZ&rp_login=DeeVeeArr
The main problem here then in in trying to join up, I’m getting the WPForo login credentials in the url.
You mentioned that in the update, this was now irrelevant but it would still seem to be a problem.
I’m guessing that WPForo are running the latest version?
@deeveearr, We’re talking about different things. So the only issue you have is just the reset password URL? Am I right? You just need to change it to wpForo URL?
Seems like it, yes.
I’m fine using the forum to register without sending an email, as this would definitely expose my hidden login details :mysite.com/hidden-login-details/community/yes-you-can-try-to-hack-this-now/
The reset password url though, which was fine up until yesterday, has now also started showing my hidden login details instead of as in the WPForo example of /community/?foro=resetpassword&rp_key=xYfZx5LA6o9H7OPp2LAZ&rp_login=DeeVeeArr
How would I change the reset password link, sent out by email, to the WPForo example?
Ok, then you should find the plugin which affect the user Registration Email.
We just disabled this “Disable New User Notifications” plugin on wpForo.com and the email looks like this, you can test it again, the problem you’ve seen is fixed:
So, I was correct, wpForo works fine, we just need to find the plugin which affects the Email. Please follow these instructions:
1. Again, update to the latest 1.7.4 version, we released it a few hours ago.
2. Set YES all these options in Forums > Settings > Features admin page:
– Yes | Enable User Registration email confirmation
– Yes | Replace Registration Page URL to Forum Registration Page URL
– Yes | Replace Login Page URL to Forum Login Page URL
– Yes | Replace Reset Password Page URL to Forum Reset Password Page URL3. Set YES all these options in Dashboard > Forums > Settings > Email admin page:
– Yes | Overwrite WordPress New User Registration Email for Admins
– Yes | Overwrite WordPress New User Registration Email for Users
– Yes | Overwrite WordPress Reset Password Emails4. Lets us know if all is done, leave your forum URL.
5. Provide a full list of plugins you use and the WordPress theme name.
Right, I’ve updated to 1.7.4, and the reset password is showing the full email address again.
Give me 20, I’m just going to disable a few plugins.
Right then, I found the culprit, and it was the hidden login plugin itself.
For info, it’s the Webcraftic Hide Login page plugin.
Now that I know it’s not WPForo, I can probably get some work done at last!
I’ve still left the registration set at NO though and am going through the forum registration rather than email registration, as I reckon giving people a free run of the website login info is tempting fate a little.
Thanks for the advice, and I’m off to find a new ‘hide my login’ solution!
*edit*
By the way, did you mean that you ACTIVATED the “Disable New User Notifications” plugin?
Looks useful that does!
- This reply was modified 4 years, 7 months ago by deeveearr.
Just a quick update on this issue – testing the ‘reset password’ option again and it now looks like ALL types of ‘hide my login’ plugins will give away the credentials, so it wasn’t just Webcraftic’s fault.
Straight choice now then of either putting up with it, or rolling back to 1.7.2 where the hidden logins all worked properly.
Hey, I’m not bothered about receiving emails as an admin – nothing could be further from the truth.
I’m just a little concerned that the url sent out to users will have the hidden login credentials on it.
- The topic ‘Following Up’ is closed to new replies.