“Invalid Key” Error when changing pasword for new user

    • Belinda Castor
      Participant
      # 2 years, 7 months ago

      I am using your Authentication Forms add-on so new users can register on the site themselves. A new user can register through the add-on with no problems but when they click the link in the email that is sent to them to reset their password, they get an “Invalid Key” error and cannot change their password and therefore can’t login. I’ve tried deactivating all the plug-ins to see if there is a conflict but it still doesn’t work. This plug-in is useless to me without the Authentication Forms add-on.

    • Belinda Castor
      Participant
      # 2 years, 7 months ago

      I still haven’t received a response to my initial thread about getting an “Invalid Key” error with the Authentication Forms add-on. Do you have a fix for this issue?

    • Vincent Mimoun-Prat
      Participant
      # 2 years, 7 months ago

      Hi,

      This was a bug in a previous version. However it has been fixed since then. If you don’t have the latest version, please update them.

      Otherwise, some users had reported changing their WordPress salts fixed the issue.

      You can generate them using their generator: https://api.wordpress.org/secret-key/1.1/salt/

      And then paste than in your wp-config.php file.

      • Belinda Castor
        Participant
        # 2 years, 7 months ago

        I have the latest version because I just installed it so I’ll try the salts.

      • Claudia Dell’Orme
        Participant
        # 2 years, 7 months ago

        The problem is that: the stored user_activaction_key (table wp_users) is not hashed but it’s saved as plain text.

        Can u fix that?

      • dotto95
        Participant
        # 2 years, 7 months ago

        Same problem here! @Vincent Mimoun-Prat can you help me?

        I’ve tried generate new salt but the problem still persist…

        Thank you.

         

      • Cédric
        Participant
        # 2 years, 7 months ago

        Hello,

        Changing salt doesn’t solve the problem for me neither, I’m using the last version of Customer Area 8.1  and WordPress 5.9.3.

         

    • Belinda Castor
      Participant
      # 2 years, 7 months ago

      I changed the WordPress salts but I’m still getting the same “Invalid Key” error when trying to change the password to login.

      • Claudia Dell’Orme
        Participant
        # 2 years, 7 months ago

        Same problem. How to fix it?

      • Claudia Dell’Orme
        Participant
        # 2 years, 7 months ago

        The exception is in wp-user.php:

         

        	if ( hash_equals( $user->user_activation_key, $key )) {
        		$return  = new WP_Error( 'expired_key', __( 'Invalid key. ');
        		$user_id = $user->ID;

         

        There are a comment:

        		/**
        		 * Filters the return value of check_password_reset_key() when an
        		 * old-style key is used.
        		 *
        		 * @since 3.7.0 Previously plain-text keys were stored in the database.
        		 * @since 4.3.0 Previously key hashes were stored without an expiration time.
        		 *
        		 * @param WP_Error $return  A WP_Error object denoting an expired key.
        		 *                          Return a WP_User object to validate the key.
        		 * @param int      $user_id The matched user ID.
        		 */
      • Belinda Castor
        Participant
        # 2 years, 7 months ago

        I don’t have a wp-user.php file.

    • Marius
      Participant
      # 2 years, 7 months ago

      Hi, I have the same problem! How can this be fixed? I have blocked registrations on my website, when will there be an update?

    • Vincent Mimoun-Prat
      Participant
      # 2 years, 7 months ago

      The problem is that: the stored user_activaction_key (table wp_users) is not hashed but it’s saved as plain text.

      Could you all let me know which WordPress version you are running?

      Thing is we are already using the WordPress functions to generate and store the activation keys.

      See file customer-area-login-form/src/php/wp-login-helper.class.php, function retrieve_password

       

      • dotto95
        Participant
        # 2 years, 7 months ago

        I’m using the latest available version WordPress 5.9.3

         

      • dotto95
        Participant
        # 2 years, 7 months ago

        Any news? I have registrations blocked on my website. Estimated time for resolution? I just bought about 200 € of plugins and the software doesn’t work.

      • Belinda Castor
        Participant
        # 2 years, 7 months ago

        I am also using the latest version of WordPress. Please let me know if this issue can be fixed asap or I will have to find a different solution and will be expecting a refund.

    • dotto95
      Participant
      # 2 years, 7 months ago

      Good morning, Can we get feedback on the estimated resolution times?

      Thank you.

       

    • Cédric
      Participant
      # 2 years, 7 months ago

      Hi, any news ?

      It’s a crucial point that blocking us for our POC.

       

    • Vincent Mimoun-Prat
      Participant
      # 2 years, 7 months ago

      Hi,

      I think I found it.

      Could you please replace the following file in your addon folder?

      wp-content/plugins/customer-area-login-form/src/php/wp-login-helper.class.php

      • dotto95
        Participant
        # 2 years, 7 months ago

        It works! Thank you, have nice day.

         

    • Cédric
      Participant
      # 2 years, 7 months ago

      Works perfectly for me too ! And the ACF form is now present, that allows me to fill the form in the registration page. Thanks !

    • Vincent Mimoun-Prat
      Participant
      # 2 years, 7 months ago

      Thanks for the feedback. We’ll include that in the next release.

Viewing 10 reply threads

The topic ‘“Invalid Key” Error when changing pasword for new user’ is closed to new replies.