“Invalid Key” Error when changing pasword for new user
-
-
Belinda CastorParticipant# 2 years, 7 months ago
I am using your Authentication Forms add-on so new users can register on the site themselves. A new user can register through the add-on with no problems but when they click the link in the email that is sent to them to reset their password, they get an “Invalid Key” error and cannot change their password and therefore can’t login. I’ve tried deactivating all the plug-ins to see if there is a conflict but it still doesn’t work. This plug-in is useless to me without the Authentication Forms add-on.
-
Belinda CastorParticipant# 2 years, 7 months ago
I still haven’t received a response to my initial thread about getting an “Invalid Key” error with the Authentication Forms add-on. Do you have a fix for this issue?
-
Vincent Mimoun-PratParticipant# 2 years, 7 months ago
Hi,
This was a bug in a previous version. However it has been fixed since then. If you don’t have the latest version, please update them.
Otherwise, some users had reported changing their WordPress salts fixed the issue.
You can generate them using their generator: https://api.wordpress.org/secret-key/1.1/salt/
And then paste than in your wp-config.php file.
-
Belinda CastorParticipant# 2 years, 7 months ago
I have the latest version because I just installed it so I’ll try the salts.
-
Claudia Dell’OrmeParticipant# 2 years, 7 months ago
The problem is that: the stored user_activaction_key (table wp_users) is not hashed but it’s saved as plain text.
Can u fix that?
-
-
Belinda CastorParticipant# 2 years, 7 months ago
I changed the WordPress salts but I’m still getting the same “Invalid Key” error when trying to change the password to login.
-
-
Claudia Dell’OrmeParticipant# 2 years, 7 months ago
The exception is in wp-user.php:
if ( hash_equals( $user->user_activation_key, $key )) { $return = new WP_Error( 'expired_key', __( 'Invalid key. '); $user_id = $user->ID;
There are a comment:
/** * Filters the return value of check_password_reset_key() when an * old-style key is used. * * @since 3.7.0 Previously plain-text keys were stored in the database. * @since 4.3.0 Previously key hashes were stored without an expiration time. * * @param WP_Error $return A WP_Error object denoting an expired key. * Return a WP_User object to validate the key. * @param int $user_id The matched user ID. */
-
-
-
Vincent Mimoun-PratParticipant# 2 years, 7 months ago
The problem is that: the stored user_activaction_key (table wp_users) is not hashed but it’s saved as plain text.
Could you all let me know which WordPress version you are running?
Thing is we are already using the WordPress functions to generate and store the activation keys.
See file
customer-area-login-form/src/php/wp-login-helper.class.php
, functionretrieve_password
-
Belinda CastorParticipant# 2 years, 7 months ago
I am also using the latest version of WordPress. Please let me know if this issue can be fixed asap or I will have to find a different solution and will be expecting a refund.
-
Vincent Mimoun-PratParticipant# 2 years, 7 months ago
Hi,
I think I found it.
Could you please replace the following file in your addon folder?
wp-content/plugins/customer-area-login-form/src/php/wp-login-helper.class.php
-
Vincent Mimoun-PratParticipant# 2 years, 7 months ago
Thanks for the feedback. We’ll include that in the next release.
-
The topic ‘“Invalid Key” Error when changing pasword for new user’ is closed to new replies.