• Skip to primary navigation
  • Skip to main content

RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

  • WordPress Plugins
    • WP-Members
      • FAQs
      • Quick Start
      • Documentation
      • Extensions
    • Advanced Options
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Download Protect
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Invite Codes
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • MailChimp Integration
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • PayPal Subscriptions
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Salesforce Web-to-Lead
    • Security
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Text Editor
      • Purchase the Plugin
      • Get the Pro Bundle
    • User List
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • User Tracking
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Memberships for WooCommerce
    • WordPass
  • Blog
    • Basics
    • Tips and Tricks
    • Filters
    • Actions
    • Code Snippets
    • Shortcodes
    • Design
    • Release Announcements
  • Store
    • Cart
    • Checkout
  • Contact
  • Log In
  • Show Search
Hide Search
Home » Release Announcements » Patch file available for password reset issues

Patch file available for password reset issues

Chad Butler · Dec 17, 2020 ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

 

In WP-Members 3.3.5, I added a new feature option for password reset to use a reset link.  There have been some isolated reports of problems with this process where a user is sent a link, then receives a message that the activation key is expired when they try to reset the password. 

It seems that there have been some issues with caching in the process.  In the installs I investigated that reported this issue, the activation key value was being cached rather than generated each time.  This led to multiple users having the exact same key value.  When a query was done by key value, multiple users having the same result meant that much of the time, the wrong user was returned.  That is why the users who reported this as a problem indicated it seemed intermittent.

Even if you don’t understand the explanation, that’s OK because I’ve resolved the problem and am implementing a revised version of the entire password reset object class.  The revised version more closely mimics the native WP process.  In fact, it now uses the native WP functions and WP’s user_activation_key value.

Additionally, where the new WP-Members process only passed the activation key in the link, WP’s process passed both the activation key and the username.  The revised object class will now do the same so that when the key is validated, it is validated for that specific user (same as WP does now).  So even if the key is cached and used more than once, it will be validated based on the user it is assigned to.

This change will be implemented in version 3.3.8.  But in the meantime, you can easily apply the patch by replacing the wp-members/includes/class-wp-members-pwd-reset.php file with the version at the gist below:

https://gist.github.com/rocketgeek/4d5c6587b1c0e93a3e9ee519b060d9ff

 

The new registration validation feature will be getting a similar upgrade. There are still some additional elements being worked on (such as incorporating moderated registration), but in the meantime, the class-wp-members-validation-link.php file can be replaced with this:

https://gist.github.com/rocketgeek/92dce159b7596f4681cfa3e50e2a29fa

Release Announcements

Ready to get started?

Join Today!

© 2025 · butlerblog.com · RocketGeek is built using WordPress, WP-Members, and the Genesis Framework

  • butlerblog.com
  • WP-Members Support Subscription
  • Terms of Service
  • Privacy Policy
  • Refund Policy