• Hello,

    I have a problem with the reset password URL. In the site we have the security plugin SolidWP Pro installed and setup a hide backend URL. So the original WordPress URL will not work anymore.

    But with that all installed and setup, the passwor reset URL contains double question mark as parameter. As you can see here:
    https://domain.com/wp-login.php?itsec-hb-token=securelogin?action=rp&key=123456789abcdefghijk&login=admin

    I searched the files in this plugin to search why this is happening. And I found the action, key and login parameter is hard added to the wp_login_url() function. In the following file:
    welcome-email-editor/modules/settings/class-settings-output.php on line 177
    See code:
    $reset_url = wp_login_url() . ‘?action=rp&key=’ . $key . ‘&login=’ . rawurlencode( $user_login );

    This can be easily resolved by changing the code to the following:
    $wp_login_url = wp_login_url();
    $reset_url = add_query_arg(‘action’, ‘rp’, $wp_login_url);
    $reset_url = add_query_arg(‘key’, $key, $reset_url);
    $reset_url = add_query_arg(‘login’, rawurlencode( $user_login ), $reset_url);

    This way of coding is also in the next file:
    welcome-email-editor/wp-new-user-notification.php on line 253

    THis can also be easily resolved by changing the code to the following:
    $network_site_url = network_site_url();
    $reset_pass_url = add_query_arg(‘action’, ‘rp’, $network_site_url);
    $reset_pass_url = add_query_arg(‘key’, $key, $reset_pass_url);
    $reset_pass_url = add_query_arg(‘login’, rawurlencode( $user->user_login ), $reset_pass_url);

    There are other ways to solve this issue. But this is one I tested and worked. Can you please make this changes to the plugin? It would solved a big problem and after that the plugin is better compatible with other plugins.

    Maybe you can also check other functions within the plugin of this issue and correct them. I only searched for the password reset URL

Viewing 1 replies (of 1 total)
  • Thread Starter DODO Internet

    (@studioviv)

    I also noticed the network_site_url() function is not working correctly either in the file welcome-email-editor/wp-new-user-notification.php on line 253.

    After I changed the that function to the wp_login_url() function (the same function in the file welcome-email-editor/modules/settings/class-settings-output.php on line 177) the code is working as it should be.

    I would recommend if you changed that also.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.