I just registered on directory.classicpress.net and encountered an error loop in the password reset process which makes completing a new user registration impossible(sic).
Expected behavior
User receives a message reading
Someone has requested a password reset for the following account: Site Name: Directory Username: ’ . $USER . ’ If this was a mistake, ignore this email and nothing will happen. To reset your password, visit the following address: https://directory.classicpress.net/wp-login.php?action=rp&key=' . $KEY . '&login=' . $USER . '&wp_lang=en_US This password reset request originated from the IP address ’ . $IPADDRESS . '.
Current behavior
Opening the link returns the following error with a new password reset field
Error: Your password reset link appears to be invalid. Please request a new link below.
Possible solution
The error is caused by bad parsing of the &wp_lang=en_US string in the query. If it is removed, the password reset key is read as valid and the user can set a new password.
I’m guessing it’s either a translation plugin issue or an .htaccess issue.
Steps to reproduce
Provide a link to a live example, or an unambiguous set of steps to reproduce
this bug. Include code to reproduce, if relevant.
I can confirm this bug. There doesn’t appear to be anything in the .htaccess file doing this, and there isn’t a traditional translation plugin either. But the OS for the server has just been updated, and I’m wondering if it has something to do with that. Any ideas, @MattyRob ?
@ElisabettaCarrara has reported password reset issues on Firefox, now that you mention it, and I just tried on Firefox too. @opendna Were you on Firefox when you experienced this?
Hmm, just tried on Android Chrome with the same result.
@opendna and @timkaye recently the same FF bug was reported on chrome also (and probably all browsers based on its engine).
It seems browsers won’t solve it because there is a workaround (copy the link and paste it in a new tab of the same browser). I did report on FF however and their support told me it was a known issue that resurfaces from time to time.
I think I might have found an issue in the core code that would produce this error. It’s strange we are not seeing it elsewhere - but perhaps that is the presume FF issue.
Anyway, I have applied the fix manually on the directory server, please can you try again and let me know if it now works.
I just clicked on the link; copy and pasting wouldn’t work for me because the Outlook email account to which the email is sent adds something else to the link which can’t be resolved by copying and pasting
I think there may be 2 issues here then - a cookie setting issue that I identified and fixed based on this thread. And an established issue with mail clients altering the URL structure and braking it - the latter is a much bigger challenge to fix.
Maybe. I have just tried resetting a password on one of my CP test sites, and the password reset link was correctly configured (without the language-related string).
But in the CP Directory site email logs, I can see that the string is being included in the link. (I just tried again and it’s still happening.)
The URL attribute of wp_lang is used to set a cookie for language options, fi they are available as far as I can tell. I’ve added a line that after the cookie is set strips the wp_lang attribute from the URL and redirects.
It’s on the directory site now - does that make any difference? I’m not sure this is linked to that parameter being present but let’s test.