BuddyPress.org

Opened 9 years ago

Closed 9 years ago

#6637 closed defect (bug) (worksforme)

Lost Password issue, always errors with 'expiredkey'

Reported by: 16hands
Owned by:
Milestone:
Priority: high
Severity: normal
Version: 2.3.3
Component: Core
Keywords: reporter-feedback
Cc: ben@…

Description

This issue was discussed here:

https://buddypress.org/support/topic/lost-password-not-working/

We have a large community site with about 10,000 members. When we upgraded to WordPress 4.3, and BuddyPress to suit, we noticed members had an issue with resetting their password.

The reset email is sent to the member:


Someone requested that the password be reset for the following account:

http://bounty.co.nz/

Username: carlbowden2

If this was a mistake, just ignore this email and nothing will happen.

To reset your password, visit the following address:

<http://bounty.co.nz/resetpass?key=N1aPjwW3c79LXEKfKHYR&login=carlbowden2>


but the link "http://bounty.co.nz/resetpass?key=N1aPjwW3c79LXEKfKHYR&login=carlbowden2" is redirected to:

http://bounty.co.nz/lostpassword?error=expiredkey

This happens even when there are only a few minutes between the email being sent and the link being clicked. We have checked that the server time and local time are correct. It happens on new and old accounts alike, and it happens for anyone who requests a reset.

Thank you for the great work

kind regards
Carl.

Change History (3)

#1 @boonebgorges
9 years ago

  • Keywords reporter-feedback added

Hi 16hands - Thanks for the report.

I'm unable to reproduce the 'expiredkey' problem on a stock installation, though I know that this functionality changed in WP 4.3, so I believe that there's a real problem here.

I'm a bit perplexed by the URL of the password reset: resetpass. WordPress doesn't use this kind of URL for password resets. Are you using a plugin that customizes your login process somehow? It appears that the Theme My Login plugin, among others, may use the resetpass token.

I'm guessing that WordPress is expiring the key after a redirect, and that the redirect is being performed by a separate plugin.

#2 @DJPaul
9 years ago

Hi @16hands, did you have a chance to look at Boone's feedback?

#3 @DJPaul
9 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Closing due to lack of reporter feedback. We can re-open if we get more information.
