Reset password link not working

    • thibaut
      Participant
      # 2 years, 10 months ago

      The link to reset my password is redirecting directly to

      members-area/forgot-password/?error=expiredkey

      when the key cannot be expired, as I just requested it!

    • thibaut
      Participant
      # 2 years, 10 months ago

      I found the issue in your code:

      in the file customer-area-login-form/src/php/wp-login-helper.class.php

      starting line 77 should be changed to this :

          $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
          //if (empty($key))
          //{
              // Generate something random for a key...
              $key = wp_generate_password(20, false);
              do_action('retrieve_password_key', $user_login, $key);

              // Now insert the new key into the DB, prefixed with the current time
              $wpdb->update($wpdb->users, array('user_activation_key' => time() . ':' . $key), array('user_login' => $user_login));
          //}

      First, you should always regenerate the activation key on demand; second, the time() needs to be added in front of the key in the DB, separated by “:”, in order to allow expiration and verification.

      Please correct this ASAP

      • thibaut
        Participant
        # 2 years, 10 months ago

        I updated the code to use WordPress’ secure hash instead; this is working fully.

            $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
            //if (empty($key))
            //{
                // Generate something random for a key...
                $key = wp_generate_password(20, false);
                do_action('retrieve_password_key', $user_login, $key);

                global $wp_hasher;
                // Load the password hasher if it is not available yet.
                if ( empty( $wp_hasher ) ) {
                    require_once ABSPATH . WPINC . '/class-phpass.php';
                    $wp_hasher = new PasswordHash( 8, true );
                }

                // Hash the key and prefix it with the current time.
                $hashed = time() . ':' . $wp_hasher->HashPassword( $key );

                // Now insert the timestamped, hashed key into the DB
                $wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user_login));
            //}
    • # 2 years, 10 months ago

      Hi

      We already have a fix pending a release for that issue. Yes, we needed something like that as well as an update when checking the key too.

      We will release the fix soon.

      Regards


The topic ‘Reset password link not working’ is closed to new replies.
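
Added example, not part of the thread and not code from the plugin or from WordPress core: a standalone PHP sketch of the "timestamp:hash" storage format proposed above, together with the matching check that the reset link has to pass. The function names and the one-day lifetime are assumptions, and PHP's password_hash()/password_verify() stand in for WordPress' PasswordHash class so the script runs without WordPress.

```php
<?php
// Added sketch: password_hash()/password_verify() stand in for WordPress' PasswordHash.
const RESET_KEY_TTL = 86400; // assumed lifetime: one day, in seconds

// Issue a fresh key on every request. Returns [key for the e-mailed link, value to store].
function make_reset_key(int $now): array
{
    $key = bin2hex(random_bytes(10)); // 20 random characters
    return [$key, $now . ':' . password_hash($key, PASSWORD_DEFAULT)];
}

// Check the key from a reset link against the stored "timestamp:hash" value.
// Returns 'ok', 'invalidkey' or 'expiredkey'.
function check_reset_key(string $key, string $stored, int $now, int $ttl = RESET_KEY_TTL): string
{
    $parts = explode(':', $stored, 2);
    // A value without a numeric "timestamp:" prefix has no issue time to
    // compare against, so this sketch rejects it outright.
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'invalidkey';
    }
    [$issued, $hash] = $parts;
    // Verify the key before looking at its age, so expiry is only ever
    // reported to someone who holds the right key.
    if (!password_verify($key, $hash)) {
        return 'invalidkey';
    }
    return ($now - (int) $issued > $ttl) ? 'expiredkey' : 'ok';
}

// Constructed demonstration values.
$t0 = 1700000000;
[$key, $stored] = make_reset_key($t0);
$cases = [
    'fresh link'         => check_reset_key($key, $stored, $t0 + 60),
    'wrong key'          => check_reset_key('not-the-key', $stored, $t0 + 60),
    'link used too late' => check_reset_key($key, $stored, $t0 + RESET_KEY_TTL + 1),
    'row without time'   => check_reset_key($key, 'legacyvalue', $t0 + 60),
];
foreach ($cases as $label => $result) {
    echo str_pad($label, 20), $result, PHP_EOL;
}
```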