Password Reset Issues

Hello Jeff,
after creating a new user, wordpress will propose a password and send an email with a link directed to the resetpass page.
In this page, the user is proposed to create a password. When typing it in the relevant box, a second box is showing what the user is typing.
Then once this is done, the user is requested to type the password on a 3rd box “Confirm new password” but here is the problem.
Each character that is typed in the 3rd box will clear the 1st and the 2nd box with only one character.
If I choose “password” as the password, I would then first type on the 3rd box “p” and that would replace “password” by “p” on the 1st and the 2nd box. Then I would type “a” and that would would replace “p” by “a” on the 1st and the 2nd box…
So I cannot have the same password on the three boxes and I am blocked.
I hope I am clear enough.
I am on WordPress 4.3
Thank you for your help, best regards, Stephan

Using 6.4-RC1:

Chrome DevTools is open with “Disable cache (while DevTools is open)” option selected and no caching plugin on the server.

The “Password reset always returns an invalid key error” issue still exists for me. Please let me know if I can provide more information. I can step through the code via Xdebug if you have a specific variable or control flow you want me to check.

Thanks.

With TML 6.4 RC 1, but password reset form is still unusable – when I try to type the password confirmation, the first field resets and I always get Passwords do not match error. Is this gonna be the final version?

Though, there is no key expired error.

I installed the TML 6.4 RC1 update and it seems to work great with 4.3, and even 4.3.1. I was able to reset my password and it all went well.
Thanks,
Mike

Okay, I found the root of the issue, I had customized profile and password reset pages under my theme folder, they were taking over new TML beta pages.
All looks to be fine!
Thanks

@lkagan Using Chrome’s dev tools, look at the Network tab and make sure that “Preserve log” is checked. Directly copy/paste the reset link into the browser. The first request should issue a redirect with a cookie attached to it. The second request should also contain that cookie. Start there.

P.S. The “Disable cache” option only disables your browser’s cache, not server side caching.

watching for updates

I have two similar (same theme) websites with TML. With both sites, I’ve updated to WP 4.3.1 and TML 6.4. On one site, everything is working great. On the site that uses SSL and W3 Total Cache, everything works except when resetting a password, it says key is invalid. W3 Total Cache is only caching static files and serving them from a CDN, so it’s not caching pages. Regardless, I deactivated it, but that didn’t solve the problem. I notice that when I click the lost password link, there’s a redirect that strips the query string and saves a cookie. The correct key and username/email is stored in the cookie. But the hidden fields “key” and “login” on the reset-password page are left blank. Since the only difference between the 2 sites is SSL, my guess is there is a problem reading the cookie when using https?

hello all,
as far as I was concerned, it looks like I had too many extensions working on (TML, SB Welcome Email Editor, WP Better Emails)
I only kept TML and now it is working fine although my emails is not a nice as they were before but I can cope with this.
So I am not sure the issue I had was related to TML.
Best regards, Stephan

woops, nevermind. Like kseniyasqo found previously, those hidden fields on the reset pass form have been updated with 6.4, and when I include those changes (using the $GLOBALS variable) and rp_key in my template the key is valid and the password is reset! Thanks for the great plugin!

Hi Jeff,

first at all, thanks for your work and time to develop this great plugin!
Like some others, I have the “invalid key error”-issue.
I contacted my hoster to remove pages form the server cache to try to solve the issue.
They excluded /wp-content/plugins/theme-my-login/templates/resetpass-form.php but that does not solve the problem.
Can you be more specific, which pages needs to be excluded?

Thanks in advance,
Jan

FYI: using WP 4.3.1. and TML 6.4

Ok thank you for the great plugin ??

I’m having similar issues, except with mine it’s saying “Your password reset link appears to be invalid. Please request a new link” (even though they just did the reset link and are entering the correct auto-generated password), yet it actually is logging them in (giggle). Is it just getting redirected wrong or something? It seems so close to working…

I’m thanking anyone that can help up front!

Hi all,

Theme my login 6.4 has fixed the reset password invalid key error. But actually in the bad way, it show me new password below the password field.
Does anyone meet this issue? How to fix it officially.

Thanks and regards!

Ok i’m glad they fixed the invalid KEY error.

But…

What about what I was asking about in my post above, where it’s saying: “Your password RESET LINK appears to be invalid. Please request a new link” (even though they just did the reset link and are entering the correct auto-generated password)… I’m still getting this error.

Does anyone know about this issue?

Is the reset password invalid key error that star_movie_02 is mentioning the same thing as the password reset link error that I’m getting??

Help lol ??

@fourwhitesocks Are you using the Custom Redirection moule with referer setting by any chance?