Password Reset Issues

  • Plugin Author Jeff Farthing

    (@jfarthing84)


    9 years, 2 months ago

    This thread is meant to be the “goto” source for the current number one problem plaguing TML users – the password reset issue. There are a few known problems along with a few solutions that I will outline below.

    Password reset form is unusable
    WordPress 4.3 changed the way that the password reset process is presented. Instead of typing the password twice, you are presented with a single field which has an auto-generated password already in it. You can manually change this to something of your liking, if you wish.

    TML has not yet been updated to be compatible with this new experience. However, TML 6.4 RC1 has just been released, which means that the official fix is right around the corner.

    Password reset always returns an invalid key error
    Before WordPress 4.3, not sure exactly when, the password reset process was also changed. When you reset your password, you get an email with a link to click to perform the actual reset. This link includes a secure reset key. The problem was, this key was passed around in the URL, potentially in the clear if not using SSL. So the WP developers changed the code to store the password reset key in a cookie when you fist click the link from your email. This is all fine and dandy.

    The problem with this cookie method and TML arises when you either use a page caching plugin or are using a host who employs their own caching method, which is very common for WP specialized hosting. These hosts exclude wp-login.php from their caching system. However, as you know, TML takes this process and puts it into a regular WP page, which isn’t excluded from these types of caching systems.

    The answer to this is actually quite simple. You either exclude the Reset Password page from your caching plugin or ask your host to do it.

    https://www.ads-software.com/plugins/theme-my-login/

Viewing 15 replies - 31 through 45 (of 77 total)

  • Oh no I’m getting that error again…the one that says

    ERROR: The password field is empty, when trying to log in

    Aggg bummed now what, I will look at the bug report as Jeff mentioned above. So are we supposed to comment on it there instead of here?

    ** please advise: I’m not sure if the issue I’m having is the same one because I don’t have it set using the Referer redirect setting anymore yet with the Plugin activated I can’t get into my site. Should I start a new thread? I want to go about solving this the right way, thank you

    Hi all –

    I’m running WP 4.3.1 and TML 6.4. I’m testing adding new users, and created a test user for myself. When I get the confirmation message, it looks like this:

    Username: MagTest To set your password, visit the following address: <https://npsa-association.org/resetpass/?key=bAOblahblahblahblahujxLDE&login=MagTest&gt; https://npsa-association.org/login/

    (I altered the actual key for this post, in case that’s a security issue.)

    When I click on the link, it takes me to the Reset Password page, and autofills the new password field. I’m not sure if this issue has been addressed in this thread; if it was, I didn’t follow it. What can I do to fix this?

    A related question – can I get to the template for this confirmation message so I can change the text of the message?

    Thank you!! After a lot of work I am so, so close to being able to make my system go live (I’m using PaidMembershipsPro) and this is one of the last things to fix before I can import my current users and send them their confirmation messages.

    But your reset password link does not work. “YOUR PASSWORD RESET LINK APPEARS TO BE INVALID. PLEASE REQUEST A NEW LINK BELOW.”

    I have a fresh WordPress install (4.3.1) and a fresh Woocommerce install (2.4.7) and your latest TML update (6.4).

    It was better when your “admin approved” email sent the user a password.

    Right now TML approval is unusable unless I redirect the /resetpass, lostpassword/?error=invalidkey, and /lostpassword pages to the Woocommerce my-account/lost-password/ page.

    I am not using a caching plugin. My host is Bluehost.

    Still having issues with the password reset link. I get the invalid message over and over again. The site is hosted with WPEngine and I’ve already made sure they turn off caching on the reset password page. It’s still not working.

    This is an ecommerce site so like the previous comment I’m running WP 4.3.1 WooCommerce 2.4.7 and TML 6.4

    Plugin Author Jeff Farthing

    (@jfarthing84)

    Can you explain the entire process? Do either of you actually get to the point of entering a new password?

    Nope. I hit the lost password link on the login page, then I put in my email address or username for the password reset email. I get the email, but when I follow the link it gives the following error:

    “Your password reset link appears to be invalid. Please request a new link below.”

    Plugin Author Jeff Farthing

    (@jfarthing84)

    How have you made sure they turned off caching? Have you inspected the headers via Chrome or Firefox dev tools?

    Hi,
    if i am going to reset password have received reset password mail example is mentioned below: but link address is missing, what should i do?

    someone requested that the password be reset for the following account:https://www.insuranceinfo.co.in/?Username: Himanshuxx If this was a mistake, just ignore this email and nothing will happen. To reset your password, visit the following address:

    Himanshu

    Plugin Author Jeff Farthing

    (@jfarthing84)

    Are you using the Custom E-mails module? If so, have you included the link?

    Hello, Jeff Farthing!
    On WP 4.3.1 TML is not working correctly. In particular, it does not work change passwords without running login … When you disconnect plug everything back working …

    Best Regards,
    Alexey.

    Plugin Author Jeff Farthing

    (@jfarthing84)

    I don’t understand what you mean…

    Are you using the Custom E-mails module? If so, have you included the link?

    did not understand Please clear!! same problem facing, reset password / lost password process can not work we have only received mail

    Exmp: someone requested that the password be reset for the following account:https://www.insuranceinfo.co.in/ Username: Himanshuxx If this was a mistake, just ignore this email and nothing will happen. To reset your password, visit the following address:…………………. link not available. link colmnn is blank.

    Parbhu Bissessar

    (@bissessarparbhu)

    Hi Jeff, I have the version 6.4.1 with the latest wordpress and my password reset is not working. When I enter the password and then confirm new password it just overrides the password that I’ve just entered. How can I fix this problem?

    CoeyCoey

    (@coeycoey)

    Nevermind. White space.

    atreyushoper

    (@atreyushoper)

    I got the same issue i always redirected to /wp-login.php?action=lostpassword&error=expiredkey when click the reset password link in Forgot Password email.

    I’m using WP 4.3.1 and TML 6.4.1 but i’m able to fix it.

    /login/?action=rp and /resetpass will create different rp_cookie value so they are not matched that’s why it redirected to expiredkey error.

    here is my fix.
    in class-theme-my-login.php line 369 i put the following code:

    $pass_cookie_value='';
					foreach($_COOKIE as $key=>$value){
					  if(strncmp($key,"wp-postpass-",12)){
						$pass_cookie_value = $value;
						break;
					  }
					}
					if($pass_cookie_value!=''){
						$_tkey = explode(":",$pass_cookie_value);
						if(isset($_REQUEST['rp_key'])){
							$_COOKIE[ $rp_cookie ] = $_tkey[0].":".$_REQUEST['rp_key'];
						}
					}

    Please let me know if this working in your end.

Viewing 15 replies - 31 through 45 (of 77 total)
  • The topic ‘Password Reset Issues’ is closed to new replies.