Password Reset Issues

If you have this issue and are using WPEngine or another Nginx reverse-cached proxy host, see this.

Found the possible issue causing the reset password problems.

The cookie path for wp-resetpass-xxxxxxx is being set to /login/ so it is not accessible by the /resetpass/ url which is where the New password form is submitting to.

I tested setting the cookie path to “/” and it fixes the issue.

I dont know why the wp-resetpass cookie cannot be accessible to the entire site. If there is a reason, then the $rp_path should be set to “/resetpass”.
Tested this and it fixes the issue as well.

For those that would want to know the code change:

Change line 318 in the /theme-my-login/includes/class-theme-my-login.php file
from
setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );

to

setcookie( $rp_cookie, $value, 0, "/resetpass", COOKIE_DOMAIN, is_ssl(), true );

Cheers

Thanks for the help, rodgerholl and Jeff Farthing

I have version 6.3.10 and I have a problem with resetting passwords as well.

I can’t, however, find line 318 in the .php file. Is that because of my version of it? Do you what can be done to help this problem?

My website is curiales.nl

Cheers!

Hello,

So I am still having this issue. I’m not using a custom resetpass-form template and I also tried changing the line in the /theme-my-login/includes/class-theme-my-login.php file like rodgerholl suggested; no luck. I’m not sure what else I can do.

I’m using the latest versions of both TML (6.3.12) and WordPress (4.2.2)

I am also having troubles w/the password reset. I have asked my host .. and there is no caching going on

https://rotarianactiongroupforpeace.org/

I go from this screen: https://www.rotarianactiongroupforpeace.org/login/?action=rp

to: https://www.rotarianactiongroupforpeace.org/lostpassword/?error=invalidkey

Same issue here. Rodgerhall’s suggestion didn’t work on my site.

Thanks, @rodgerholl and @jeff Farthing!

I made the changes that Jeff showed in the revised template and then make the change Rodger suggested and it’s working.

Jeff, Rodger’s fix is a change to the core files, which I’ll obviously lose on updates. What alternative is there for the future on this?

Also, I am using W3TC and made sure to set exceptions never to cache “/resetpass”.

Just an update, Been away and just getting caught up on all my lite reading.

Change line 318 in the /theme-my-login/includes/class-theme-my-login.php file
from
setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );

to

setcookie( $rp_cookie, $value, 0, “/”, COOKIE_DOMAIN, is_ssl(), true );

Using “/resetpass” does not fix the whole issue, I was using “/” even tho I provided an example of “/resetpass”

Cheers

Having the same problems. The plugin should be updated.

I am going to try your solution.
Maybe these two links help too:

https://www.ads-software.com/support/topic/lost-password-link-in-email-not-valid-key-fix-does-not-work

https://core.trac.www.ads-software.com/ticket/6842

Thanks

I can confirm this doesn′t work on my install. 4.2.2

Is this important?

When I’m using TML – I get links [still this same]
/resetpass/?key=%24P%24BTUgIuyL3EavV7zaAPJK2wzadgn80e%2F&login=

When I turn off plugin i get different link:
/wp-login.php?action=rp&key=Vduj7RK7r8YG4Koyy4fs&login=

This is critical and need to be fixed.

I do not need this login thing on this plugin.
Will it possible to have an option on the plugin that themed the profile page but does not affect the logins or passwords at all?

Thanks

@darkpollo What TML version are you using?

Latest. 6.3.12
4.2.2 on wordpress

Thanks