ERROR:Invalid key! with Recover Password shortcode

  • Resolved traumm

    (@traumm)


    5 years, 10 months ago

    Hi there

    Using the [wppb-recover-password] shortcode

    I’m getting an error if the username has special characters, e.g. is an email address.

    The URL sent to the user is along the lines of:

    https://mywebsite.co.uk/reset-password/?submitted=yes&loginName=memywebsite-co-uk&key=Fo15KnnndeZ0JdCSoY4l

    The loginName parameter is stripping out the @ and swapping the full stops for hyphens, so I’m getting an ‘Error! Invalid Key’ message when visiting the page.

    loginName=memywebsite-co-uk

    If I change this manually in the URL to:

    [email protected]

    …the reset form appears without an error.

    If the username has no special characters or full stops, it works correctly.

    Again, your help’s appreciated!

    • This topic was modified 5 years, 10 months ago by traumm.
    • This topic was modified 5 years, 10 months ago by traumm.
Viewing 7 replies - 16 through 22 (of 22 total)

  • Hello @design2code

    Let us continue the conversation based on mutual respect.

    Testing on a clean website is something that I have tried multiple times and it worked just fine.

    So I’m guessing this might be related to the hosting server configuration. May we have admin credentials on that clean website?

    Please use our support ticket system to send it privately.

    https://www.cozmoslabs.com/support/open-ticket/

    With the best of wishes,
    Gabriel

    Another thing just occurring to me now.

    Perhaps this is caused by your email client messing up your links inside the email.

    Please try it with an address at mailinator.com (they are registered on the fly — for spam protection — you won’t loose any time creating an account).

    Support ticket submitted…
    It is not the Email client as I tried web access as well. Also tried with Gmail… same issue.

    All right, thanks.

    We are going to look into this as soon as possible.

    Best regards,
    Gabriel

    @gabrielberzescu Thank you for you and your teams assistance. While you were quite adamant that the issue was with email clients I was not convinced so I went through some of the code and found the issue.
    On line 225 of front-end/recover.php you retrieve the users “user_nicename” to pass into the url as the query var loginName, then on line 353 of the same file you fetch that username and sanitize it, then you use it to match to the user on line 355.
    The issue is that you match the user in the table by “user_login” and not “user_nicename” which is the actual value you fetched to add to the url.
    Because “user_nicename” and “user_login” is not the same thing, in some instances no match is found and the user is then left with the error “Error! Invalid Key”.
    I updated line 355 to match using “user_nicename” and not “user_login”, the form now appears for all users.
    Again, thank you for everything and hope this helps…
    Design2Code.

    Hi there,

    Thanks for paying so much attention to this, I am forwarding it to our development team.

    Cheers,
    Gabriel

    @gabrielberzescu , No problem man, I needed it fixed.

Viewing 7 replies - 16 through 22 (of 22 total)
  • The topic ‘ERROR:Invalid key! with Recover Password shortcode’ is closed to new replies.