[wp-trac] [WordPress Trac] #18771: Reset Password link generation

WordPress Trac wp-trac at lists.automattic.com
Sun Sep 25 16:30:43 UTC 2011 

#18771: Reset Password link generation
--------------------------+-----------------------------
 Reporter:  binaryweb     |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Users         |    Version:  3.2.1
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 I have been having problems with the login following a reset password.

 A user click the "forgotten password" link and then after receiving the
 email clicks the link in the email to reset their password submits their
 new password gets a message that says "You have successfully reset your
 passoword. Log in" The link for login is not being generated correctly
 which is causing them to get a "Invalid Key" error.

 Here is what I have dont to temporarily resolve the issue:

 in wp-login.php I modified the following lines of code:

 changed Line 207:

 {{{
 if ( empty($key) ) {
 }}}

 to this:

 {{{
 if ( empty($key) || preg_match('/[^a-z0-9]/i',$key) != 0) {
 }}}

 Removing special characters from the key that gets emailed to the users
 when they click the "forgotten password" link on the login page.



 Commented out Line 444:

 {{{
 login_header(__('Password Reset'), '<p class="message reset-pass">' .
 __('Your password has been reset.') . ' <a href="' . site_url('wp-
 login.php', 'login') . '">' . __('Log in') . '</a></p>');
 }}}

 then slightly modified it removing the login link from the message

 {{{
 login_header(__('Password Reset'), '<p class="message reset-pass">' .
 __('Your password has been reset.') . '</p>');
 }}}


 This change forces the user to return to the homepage before logging in
 again and then they dont get the "invalid key" error.

 It would be nice if there were a more permenant fix for this issue that
 wouldn't get lost when we update the next time.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/18771>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list