RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

Home » Release Announcements » Patch file available for password reset issues

Patch file available for password reset issues

· ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

 

In WP-Members 3.3.5, I added a new feature option for password reset to use a reset link.  There have been some isolated reports of problems with this process where a user is sent a link, then receives a message that the activation key is expired when they try to reset the password. 

It seems that there have been some issues with caching in the process.  In the installs I investigated that reported this issue, the activation key value was being cached rather than generated each time.  This led to multiple users having the exact same key value.  When a query was done by key value, multiple users having the same result meant that much of the time, the wrong user was returned.  That is why the users who reported this as a problem indicated it seemed intermittent.

Even if you don’t understand the explanation, that’s OK because I’ve resolved the problem and am implementing a revised version of the entire password reset object class.  The revised version more closely mimics the native WP process.  In fact, it now uses the native WP functions and WP’s user_activation_key value.

Additionally, where the new WP-Members process only passed the activation key in the link, WP’s process passed both the activation key and the username.  The revised object class will now do the same so that when the key is validated, it is validated for that specific user (same as WP does now).  So even if the key is cached and used more than once, it will be validated based on the user it is assigned to.

This change will be implemented in version 3.3.8.  But in the meantime, you can easily apply the patch by replacing the wp-members/includes/class-wp-members-pwd-reset.php file with the version at the gist below:

https://gist.github.com/rocketgeek/4d5c6587b1c0e93a3e9ee519b060d9ff

 

The new registration validation feature will be getting a similar upgrade. There are still some additional elements being worked on (such as incorporating moderated registration), but in the meantime, the class-wp-members-validation-link.php file can be replaced with this:

https://gist.github.com/rocketgeek/92dce159b7596f4681cfa3e50e2a29fa

Ready to get started?

Join Today!