Found a possible bug in the password recovery e-mail.

  • Resolved Salocin.TEN

    (@salocinten)


    9 years, 2 months ago

    Hi,

    Been using this plugin for a client.

    I may have found a possible bug in the code that manages the recovery of user passwords.
    In the e-mails that are sent, the shortcode [user_login] is replaced with the user ID.

    After a few hours of searching, I found that it is within this function sb_we_lost_password_message in the file sb_welcome_email_editor.php (the only file really).

    The patch can be applied after the global variable $wpdb declaration at the top..

    if (is_int($user_login)) {
    $user_info = get_user_by(‘id’, $user_login);
    $user_login = $user_info->user_login;
    }

    This will detect if the user login is an unusual integer (it should be string), and if so, searches the user database by ID and reassigns the user login to the variable.

    It has been tested a number of times to be working.

    If there is a better fix, do suggest.

    Thank you.

    https://www.ads-software.com/plugins/welcome-email-editor/

Viewing 7 replies - 1 through 7 (of 7 total)

  • I was having the same issue. This solved my problem. Thanks so much for this!

    Thanks. I’ve added this to V4.5.1 onwards

    Hi Sean,

    Do you have an estimate release for V4.5.1, or should I try the patch in this post to correct issue of password reset sending ID rather than username?

    Thank you. Yael

    It’s out. Has been for a week ??

    Hi Sean

    I have version Version 4.5 installed and shows no updates, so is that the most recent version?

    I ask because I have still have the issue. When Theme My Login and SB Welcome Email is active, the password reset email includes the user ID rather than the username, and therefore does not work.

    When I deactivate SB Welcome Email, Theme My Login password reset works as expected, sending username in reset link rather than user ID.

    Perhaps I need to update SB Welcome Email manually to 4.5.1?

    Thanks, Yael

    I pushed live a version number bump today (4.6) which hopefully will get the changes to you. Let me know if it doesn’t fix the problem,.

    thanks
    Sean

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Found a possible bug in the password recovery e-mail.’ is closed to new replies.