Bad password reset key from User Registration

user621e6a6386c47633 · April 2, 2023, 1:05am

I’m using the “User Registration” add-on (v5.1). After a user has successfully activated their new account, an email is received which includes a link to reset the password. For example,

Username: test20230331ab

Use the password you set at registration to login.

https://foobar.example.com/wp-login.php

Forgot your password? Visit the following address to reset your password:

https://foobar.example.com/wp-login.php?action=rp&key=T2Wtt6GfEABCDEFGHIJK&login=test20230331ab

The link does not work, as it contains an invalid reset key. I think the problem is GF_User_Registration::modify_wp_new_user_notification_message(), which calls wp_generate_password() to generate the key. I believe it should be get_password_reset_key() instead.

system · May 2, 2023, 1:05am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Custom Password Reset page [RESOLVED] Get Help custom , has-ticket , password-reset	2	1630	May 2, 2019
Validation Link Get Help custom , user-registration	6	649	January 4, 2022
User Registration Login Widget Error text Get Help	3	841	January 4, 2022
Choosing the right hooks to create username [RESOLVED] Get Help user-registration , username , gform_user_registration_username	3	428	September 3, 2020
User registration - Generate password automatically Get Help user-registration , password	1	1016	January 5, 2022

Bad password reset key from User Registration

Related Topics