Bad password reset key from User Registration

user621e6a6386c47633 · April 2, 2023, 1:05am

I’m using the “User Registration” add-on (v5.1). After a user has successfully activated their new account, an email is received which includes a link to reset the password. For example,

Username: test20230331ab

Use the password you set at registration to login.

https://foobar.example.com/wp-login.php

Forgot your password? Visit the following address to reset your password:

https://foobar.example.com/wp-login.php?action=rp&key=T2Wtt6GfEABCDEFGHIJK&login=test20230331ab

The link does not work, as it contains an invalid reset key. I think the problem is GF_User_Registration::modify_wp_new_user_notification_message(), which calls wp_generate_password() to generate the key. I believe it should be get_password_reset_key() instead.

system · May 2, 2023, 1:05am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Custom Password Reset page [RESOLVED] Get Help custom , has-ticket , password-reset	2	1750	May 2, 2019
User Registration - Notifying of Username and Password Get Help user-registration	3	1111	January 4, 2022
User Registration - How to improve the user experience for the part "forgot password ?"? Get Help user-registration , password , forgot-password , password-recovery	1	517	April 29, 2022
Reset password problem - Need help Get Help password-reset , trac	6	1696	January 4, 2022
[User Registration Add-On] New User Emails [RESOLVED] Get Help user-registration , email , gf_new_user_notification , wp_new_user_notification	3	1287	October 9, 2019

Bad password reset key from User Registration

Related topics