• Resolved twisted89

    (@twisted89)


    The current forgot password implementation is broken: it will always fail and result in the error “Password reset is not allowed for this user”, no matter if the recaptcha has passed and the email is valid.

    The following fixes the filter hook and return values:

    <?php
    
    /**
     * Class WC_Ncr_Lost_Password_Captcha
     */
    class WC_Ncr_Lost_Password_Captcha extends WC_Ncr_No_Captcha_Recaptcha {
    
    	public static function initialize() {
    
    		// initialize only if the lost password captcha option is set and enabled
    		if ( isset( self::$plugin_options['captcha_wc_lost_password'] ) && self::$plugin_options['captcha_wc_lost_password'] == 'yes' ) {
    
    			// adds the captcha to the lost password form
    			add_filter( 'woocommerce_lostpassword_form', array( __CLASS__, 'display_captcha' ) );
    
    			// authenticate the captcha answer
    			add_filter( 'allow_password_reset', array( __CLASS__, 'validate_lost_password_captcha'), 10, 2 );
    		}
    	}
    
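    	/**
    	 * Verify the captcha answer.
    	 *
    	 * @param bool $allow   Whether the password reset is allowed so far.
    	 * @param int  $user_id ID of the user requesting the reset.
    	 *
    	 * @return bool|WP_Error
    	 */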
    	public static function validate_lost_password_captcha( $allow, $user_id ) {
    		if ( ! isset( $_POST['g-recaptcha-response'] ) || ! self::captcha_wc_verification() ) {
    			return new WP_Error( 'empty_captcha', self::$error_message );
    		}
    		return $allow;
    	}
    }
Viewing 10 replies - 1 through 10 (of 10 total)
  • Thank you. It works now.

    But the reset link does not work??

    Found that the code in retrieve_password() of WC class-wc-shortcode-my-account.php calls “allow_password_reset” twice. The 2nd call to validate_lost_password_captcha() caused an incorrect reset key/URL.

    Try adding the code below in validate_lost_password_captcha() before its return value:
    remove_filter( 'allow_password_reset', array( __CLASS__, 'validate_lost_password_captcha' ), 10 );

    Let me know if it works. Hope it helps.

    I can confirm the combination of the two things above fixes the problem. Hopefully it will be fixed in the next update of this plugin.

    Just for clarity, here’s the entire fix. Simply replace the lost-password.php file with this:

    <?php
    
    /* Fix from: https://www.ads-software.com/support/topic/forgot-password-broken/ */
    /**
     * Class WC_Ncr_Lost_Password_Captcha
     */
    class WC_Ncr_Lost_Password_Captcha extends WC_Ncr_No_Captcha_Recaptcha {
    
    	public static function initialize() {
    
    		// initialize only if the lost password captcha option is set and enabled
    		if ( isset( self::$plugin_options['captcha_wc_lost_password'] ) && self::$plugin_options['captcha_wc_lost_password'] == 'yes' ) {
    
    			// adds the captcha to the lost password form
    			add_filter( 'woocommerce_lostpassword_form', array( __CLASS__, 'display_captcha' ) );
    
    			// authenticate the captcha answer
    			add_filter( 'allow_password_reset', array( __CLASS__, 'validate_lost_password_captcha'), 10, 2 );
    		}
    	}
    
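    	/**
    	 * Verify the captcha answer.
    	 *
    	 * @param bool $allow   Whether the password reset is allowed so far.
    	 * @param int  $user_id ID of the user requesting the reset.
    	 *
    	 * @return bool|WP_Error
    	 */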
    	public static function validate_lost_password_captcha( $allow, $user_id ) {
    		if ( ! isset( $_POST['g-recaptcha-response'] ) || ! self::captcha_wc_verification() ) {
    			return new WP_Error( 'empty_captcha', self::$error_message );
    		}
    		remove_filter( 'allow_password_reset', array( __CLASS__, 'validate_lost_password_captcha' ), 10 );
    		return $allow;
    	}
    }
    jackal

    (@anasmokayed)

    Hi!

    The fix is working, but I’m not receiving an error message now when a user tries to reset the password without checking the Google reCAPTCHA. It just refreshes the page!

    Would you please check this!

    Plugin Author Collins Agbonghama

    (@collizo4sky)

    I have fixed this issue in the latest version.

    Thanks, everyone, for your contributions.

    Hi Collins Agbonghama, thanks for your support.

    “Password reset is not allowed for this user” is fixed now, but we faced another issue during password reset, i.e. the reset password link sent by email contains an error message instead of the reset key, as you can see in the link we got below:

    /my-account/lost-password/?key%5Berrors%5D%5Bempty_captcha%5D%5B0%5D=Invalid%20Captcha&&id=4

    This happens when Lost Password Form is enabled from admin. When we disable the Lost Password Form captcha from admin, it works fine for me, but it shows a notice:

    Notice: Undefined index: captcha_wc_lost_password in /wp-content/plugins/no-captcha-recaptcha-for-woocommerce/lost-password.php on line 11

    Hello!

    I still have the same issue that @iwdtest01 described before.

    Any idea how to solve?

    Plugin Author Collins Agbonghama

    (@collizo4sky)

    @iwdtest01 you shouldn’t have WP_Debug set to true for a production site. Setting it to false will remove that notice.

    @warholik are you on the latest version?

    tashielb

    (@tashielb)

    Hi Collins

    I have updated the nocaptcha as well as WooCommerce to the latest, yet now when I try to reset a user password, if I click on the link that is sent to the user’s email address, it just takes me back to the password reset page where I have to enter the email address again. Please advise.

  • The topic ‘Forgot password broken’ is closed to new replies.
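
The thread reports that `allow_password_reset` runs twice and that the emailed link ends up carrying `key[errors][empty_captcha][0]=Invalid Captcha`. The sketch below is an added example, not code from the plugin or from any poster, and reproduces that failure and the `remove_filter` fix outside WordPress. The `*_demo` functions, `verify_once`, the token and the key are constructed stand-ins, and it assumes that a captcha token verifies only once and that the second filter result is what ends up in the key.

```php
<?php
// Added example: tiny stand-ins for the WordPress filter API so this runs offline.
$filters = $used = [];
function add_filter_demo( string $tag, string $cb ): void {
	global $filters;
	$filters[ $tag ][] = $cb;
}
function remove_filter_demo( string $tag, string $cb ): void {
	global $filters;
	$filters[ $tag ] = array_values( array_diff( $filters[ $tag ] ?? [], [ $cb ] ) );
}
function apply_filters_demo( string $tag, $value ) {
	global $filters;
	foreach ( $filters[ $tag ] ?? [] as $cb ) {
		$value = $cb( $value );
	}
	return $value;
}
// Single-use token check (assumption): verifying the same token again fails.
function verify_once( string $token ): bool {
	global $used;
	$ok = ( 'constructed-valid-token' === $token ) && ! isset( $used[ $token ] );
	$used[ $token ] = true;
	return $ok;
}
const CAPTCHA_ERROR = [ 'errors' => [ 'empty_captcha' => [ 'Invalid Captcha' ] ] ]; // shape seen in the URL
function naive_validate( $allow ) { // verifies on every invocation of the filter
	return verify_once( $_POST['g-recaptcha-response'] ?? '' ) ? $allow : CAPTCHA_ERROR;
}
function fixed_validate( $allow ) { // the thread's fix: unhook after the first success
	if ( ! verify_once( $_POST['g-recaptcha-response'] ?? '' ) ) {
		return CAPTCHA_ERROR;
	}
	remove_filter_demo( 'allow_password_reset', 'fixed_validate' );
	return $allow;
}
function reset_link( string $callback ): string {
	global $filters, $used;
	$filters = $used = [];
	$_POST['g-recaptcha-response'] = 'constructed-valid-token';
	add_filter_demo( 'allow_password_reset', $callback );
	if ( true !== apply_filters_demo( 'allow_password_reset', true ) ) { // first call
		return 'blocked';
	}
	$second = apply_filters_demo( 'allow_password_reset', true );       // second call
	$key    = ( true === $second ) ? 'constructed-reset-key' : $second;  // error leaks into the key
	return '/my-account/lost-password/?' . http_build_query( [ 'key' => $key, 'id' => 4 ], '', '&', PHP_QUERY_RFC3986 );
}
echo reset_link( 'naive_validate' ), "\n", reset_link( 'fixed_validate' ), "\n";
```

The first printed link carries the serialized error in place of the key. The second carries the plain key, because the callback is no longer attached when the filter runs again.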