nuthole2003

Sorry, I’ve been out for the holidays. Could you please upload that again and I’ll give it a whirl? Thanks!

We use LearnDash LMS and integrate it with SamCart. We also have Wishlist installed, really just to limit access to one or two pages that LearnDash keeps public that we would prefer to be private and for users only. I have Wishlist set to NOT manage the password or require a strong password, and the issue still persists even if I disable Wishlist.

Anyhow, users purchase a course via SamCart, and the integration automatically registers the new user with the email address they used on checkout, and it sends the WordPress default new user registration email with password reset link to the new user.

I have another plugin installed, WP Core Emails Pro, which simply allows me to edit and style the WordPress default emails.

I set all this up back in June, and it’s been running relatively smoothly up until about a month ago.

Okay, I had the host (Pressable) look into this, and here’s the debug log when they ran a test to set/reset the password:

#1 /wordpress/core/5.3/wp-includes/user.php(2453): wp_set_password(‘REDACTED', NULL)
#2 /srv/htdocs/wp-content/plugins/uncanny-learndash-toolkit/src/classes/frontend-login-plus.php(1806): reset_password(Object(WP_Error), ‘REDACTED')
#3 /wordpress/core/5.3/wp-includes/class-wp-hook.php(288): uncanny_learndash_toolkit\FrontendLoginPlus::validate_reset_password('')
#4 /wordpress/core/5.3/wp-includes/class-wp-hook.php(312): WP_Hook->apply_filters(NULL, Array)

“REDACTED” is where they attempted to set the password. Initially, Pressable said from that, “It seems like Uncanny is passing off the password without the username…”

They followed up after digging a bit deeper and said the following:

I was able to reproduce the critical error, but only after trying to reset the password twice. In other words, if I reset the password, follow the reset link and type my new password, it works on the first go. If I try it again, then it fails.

The uncanny-learndash-toolkit plugin developers should create some sort of exception to test for the validity of the password reset token.

That’s beyond my scope, and it seems to be happening on the first try when new users are sent the email to set their password.

Any ideas as to what would be the best course of action?

The site is hosted with Pressable. “Must Use” doesn’t come as an option when I go to Plugins > Installed Plugins.

I’ll check with the host and see what they’ve got…

Any ideas on this?

Here are the Reset Password settings for the front-end login:

View post on imgur.com

View post on imgur.com

View post on imgur.com

Here’s a few screenshots of all the active plugins:

View post on imgur.com

View post on imgur.com

We don’t use anything to force strong passwords (I did try a strong password with the password reset anyhow and still the same result). No recaptcha either.

I don’t have a staging site setup right now, but I did disable ALL plugins accept the Toolkit and still had the same error. I originally went through and disabled plugins one at a time to see if it was one of the plugins causing the error until I ended up with just the Toolkit enabled.