pldt, smart app download.Claim Your Free 999 Pesos Bonus Today

Password reset email not displaying the password

sdturnbull — Tue, 18 Mar 2025 16:29:55 +0000

We’ve got 3.5.2 installed. When members request a password reset the email they received doesn’t have the new password, it is just not there where it should be using the [password] short code.

In the email settings we have the following:

Your password for the NNNNN Members' Area has been reset.

Your new password is included below. You may wish to retain a copy for your records.

password: [password]

You can log in here: https://NNNNNN.com/members-area/ 

Once logged in, you can change your password here: [user-profile]

The user profile short code seems to work ok. But where the password should be in the email, we have nothing, not even white space.

Customizing Password Reset Page in Profile Builder Plugin

makrand94 — Tue, 18 Mar 2025 12:03:11 +0000

Grettings. I have set up custom login, register, and reset password pages using the Profile Builder plugin. When a user requests a password reset, they receive a link that takes them to a page where they can enter and confirm their new password.

However, I am unable to customize this page to align with the branding of my other pages. I couldn’t find a shortcode or a way to change the layout and design of this reset password form. Could you please guide me on how to customize this page? Is there a way to use a shortcode or a custom template for it?

Password Reset and Username Login Issues

codings — Thu, 13 Mar 2025 18:40:21 +0000

Resolved. Sorry.

Password Reset Loop

bryanvalentino — Wed, 12 Mar 2025 01:28:14 +0000

I have disabled all cache and checked with different tools if a page is cached or not but the password reset loop is still happening. It keeps prompting “Your password reset link appears to be invalid. Please request a new link below.”

Your password reset link appears to be invalid. Please request a new link below.

bryanvalentino — Mon, 03 Mar 2025 20:00:33 +0000

I’ve set up Ultimate Member for a website. Everything works except for the activation link. For some reason it displays, “Your password reset link appears to be invalid. Please request a new link below.” I have already disabled cache and made sure that there are no cache by checking the headers.

The password reset works fine too. It’s just that first activation link password reset doesn’t work. The plugin also detects the activation so when the user clicks on the link the account gets “activated” in the backend. It’s just that the initial password reset doesn’t work.

Simplify Reset Password Key for Better Usability

Nayon Islam — Wed, 19 Feb 2025 02:05:29 +0000

Hi,

The reset password key is currently too long and difficult for users to manage. It would be helpful to simplify the process by making the key shorter and easier to use, reducing confusion for users.

Here’s a screenshot for reference: https://prnt.sc/ZZ__hddXJkNc

Looking forward to your response.

Thanks!

Password Reset Bug – Allows Setting Insecure One-Character Passwords

Nayon Islam — Wed, 19 Feb 2025 01:49:37 +0000

Hi,

I’ve noticed that users can reset their passwords with just a single character, which is a security risk. There should be a validation check to enforce a minimum password length and other security requirements. Please review this issue and implement a fix.

Screenshot for reference: https://prnt.sc/DaNiDzvm0bCQ

Looking forward to your response.

Thanks!

Password Reset Email Template Not Available in Tutor LMS Pro

Wijerama — Mon, 03 Feb 2025 18:54:12 +0000

Hello,

I have been using Tutor LMS Pro and noticed that it does not provide a built-in email template for password reset emails. While other email notifications are customizable within the plugin, the password reset email seems to rely on the default WordPress email template.

Is there any way to customize the password reset email specifically for Tutor LMS users? If not, are there any recommended workarounds or third-party plugins that integrate well with Tutor LMS for this purpose?

Any guidance on this would be greatly appreciated.

Thanks!

not working correctly with LoginWP and welcome email

tormy — Tue, 10 Dec 2024 21:55:04 +0000

On a site I manage, the login URL is https://www.mydomain;xyz/door instead of the /wp-login due the use of LoginWP

Now, when you plugin sends the first message to the user, the Login link and the Password reset link are not working at all because they are pointing to wp-login, that doesn’t exist any more.

LoginWP is not an option. It must be there to make its job.
But perhaps you can solve this issue when LoginWP is installed.

On top of this, when an email is sent, the recipient receives it from “wordpress” instead of from the Site Title.

WP 6.7.1
LoginWP 3.0.8.6

Ensure that only approved users can send password reset requests

sylrobitaille — Fri, 06 Dec 2024 23:17:41 +0000

Hello. I’ve noticed that our site is sending password-reset requests for accounts that are in state “pending administrator review”. (These are spambot created accounts, and the password reset requests are being sent before the accounts get deleted.) It occurred to me, of course, that this behaviour could potentially be abused to send such messages to legitimate email addresses belonging to unsuspecting folks. In practice, harmless, I admit, as the recipients would certainly just ignore the messages, no more than the configured reset password limit number of messages would be sent, and the messages themselves are short and not invasive. But they certainly could cause some confusion and at worst some annoyance, of which we’d prefer to not be the source.

What we’d like is to ensure that in addition to sending the password reset email only to an address known to the site, that such email is sent only for accounts that are already approved. I’ve examined the code to that end, and found function um_reset_password_process_hook() in includes/core/class-password.php, where on my test site I’ve made the following change:

--- includes/core/class-password.php.20241206   2024-04-09 20:20:26.000000000 -0300
+++ includes/core/class-password.php    2024-12-06 11:10:12.962327061 -0400
@@ -448,11 +448,13 @@ if ( ! class_exists( 'um\core\Password'
 
                        if ( username_exists( $user ) ) {
                                $data = get_user_by( 'login', $user );
+                               $user_id = username_exists( $user );
                        } elseif ( email_exists( $user ) ) {
                                $data = get_user_by( 'email', $user );
+                               $user_id = email_exists( $user );
                        }
 
-                       if ( isset( $data ) && is_a( $data, '\WP_User' ) ) {
+                       if ( isset( $data ) && is_a( $data, '\WP_User' && UM()->user()->is_approved( $user_id ) ) ) {
                                um_fetch_user( $data->ID );
                                UM()->user()->password_reset();
                        }

The above passes basic sanity testing, but as I’m not a WordPress developer (nor even an PHP programmer), I certainly do imagine that there might be a more elegant way to implement the additional check.

My question for the support forum is How would I go about submitting this change to the Ultimate Member developers, so that they might consider incorporating it into the plugin (perhaps even having it be a configurable option)? I can imagine that ours is not the only site where it simply doesn’t make sense to send password reset emails for accounts that have not yet been approved.

With that, I thank the relevant folks for making the plugin available, and I do hope that my modification above will be seen as a potential improvement.