lolitsjohnnyboy

Or maybe you can add a filter that I can modify the help output on mobile phones? Like with a key and a value so that I can check the correct field.

wp-content/plugins/ultimate-member/includes/core/class-fields.php line 494 would be the target I think.

Are you using a custom email template for this? In my case, I had an error in it using the wrong way to add the reset link.

The only thing that get’s displayed is “Member has protected access”. But I’m understanding now why you do this. Maybe there is a better way to do this. But if it works from your side with older version, there will be no problem I think.

Because of the previous issue: I’ve did a cherry pick from my branch back to the code before the update and updated your currently new version. Since this, everything looks fine.

Hey Ewout,

thanks. My error is solved. But I’ve found new ones:

wp-content/plugins/woocommerce-pdf-invoices-packing-slips/includes/compatibility/abstract-wc-data-compatibility.php line 119, 147, 172 & 195:

$object->id

Also wp-content/plugins/woocommerce-pdf-invoices-packing-slips/includes/compatibility/class-wc-product-compatibility.php line 47

The problem is that the member has a protected access here which might can cause issues. This shows up with an error in my IDE. So maybe you can find a better solution here.

• This reply was modified 5 years, 6 months ago by lolitsjohnnyboy.

Nope, it’s disabled. I’m currently trying to roll back to the previous version.

But after disabling it, the error is gone mate. I’m currently searching the place where this error comes from.

For example the WooCommerce dashboard widget don’t works anymore when using the newest version. After disabling it, it works again.

• This reply was modified 5 years, 6 months ago by lolitsjohnnyboy.
• This reply was modified 5 years, 6 months ago by lolitsjohnnyboy.

I’ve did but this has only partly success. When I visit my privacy page, the button is still visible. So I’ll keep the obsolete code implemented until it’s 100 % replaced and working.

Hallo @aweissinpsyde,

also dürfte ich garnicht das Plugin bzw. die Implementierung mit der Cancel URL anpassen?

Viele Grü?e
Johannes

I know how to do this. Do you want to write me on Instagram? So I’ll tell you how you can do this ??

I’ve fixed it now. There is an issue in a library I’m using to merge HTML and CSS together:

//Apply CSS styles inline for picky email clients.
try {
	$emogrifier = new Emogrifier( $message, $css );
	$message    = $emogrifier->emogrify();
} catch ( Exception $e ) {
	$logger = wc_get_logger();
	$logger->error( $e->getMessage(), array( 'source' => 'emogrifier' ) );
}
//Temporarily fix emogrified {} to ASCII code
$message = str_replace( array( '%7B', '%7D' ), array( '{', '}' ), $message );

The problem was that the Emogrifier turned the placeholder openings and closings back to it’s ASCII code so the UM was not able to replace it.

Because of this I’ve first replaced it with the function itself’s which is called from the placeholder. But the problem is that the placeholder is called anyway so the last hash was generated from the plugin trying to find the placeholder.

My wish is to remove the whole placeholder thing and call the function directly to get the reset link so that this can be used in custom templates too.

This plugin is absolutely trash! I’ve found out how I can create a backtrace and UM calls the reset 4 times like I wrote above. The 3rd one is the one sent by the email and the last one is saved to the database:

[30-Dec-2018 14:04:52 UTC] require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), WP_Hook->do_action, WP_Hook->apply_filters, um\core\Password->form_init, do_action('um_reset_password_process_hook'), WP_Hook->do_action, WP_Hook->apply_filters, um\core\Password->um_reset_password_process_hook, um\core\User->password_reset, get_password_reset_key
[30-Dec-2018 14:04:52 UTC] Hashed: 1546178692:$P$BJoSYtR913FSi..xNSAdZaC6RwqYVC1
[30-Dec-2018 14:04:52 UTC] Key saved: 1546178692:$P$BJoSYtR913FSi..xNSAdZaC6RwqYVC1
[30-Dec-2018 14:04:52 UTC] require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), WP_Hook->do_action, WP_Hook->apply_filters, um\core\Password->form_init, do_action('um_reset_password_process_hook'), WP_Hook->do_action, WP_Hook->apply_filters, um\core\Password->um_reset_password_process_hook, um\core\User->password_reset, um\core\Mail->send, um_convert_tags, um_user, um\core\Password->reset_url, get_password_reset_key
[30-Dec-2018 14:04:52 UTC] Hashed: 1546178692:$P$B6/0iQI1Ke5KODTKihHCctTROvUorc.
[30-Dec-2018 14:04:52 UTC] Key saved: 1546178692:$P$B6/0iQI1Ke5KODTKihHCctTROvUorc.
[30-Dec-2018 14:04:52 UTC] require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), WP_Hook->do_action, WP_Hook->apply_filters, um\core\Password->form_init, do_action('um_reset_password_process_hook'), WP_Hook->do_action, WP_Hook->apply_filters, um\core\Password->um_reset_password_process_hook, um\core\User->password_reset, um\core\Mail->send, um\core\Mail->prepare_template, um\core\Mail->get_email_template, include('/themes/enwikuna/ultimate-member/email/resetpw_email.php'), um\core\Password->reset_url, get_password_reset_key
[30-Dec-2018 14:04:52 UTC] Hashed: 1546178692:$P$BSQgzwcRgvKVaSbQ5U5uQ.YUHIHfoB.
[30-Dec-2018 14:04:52 UTC] Key saved: 1546178692:$P$BSQgzwcRgvKVaSbQ5U5uQ.YUHIHfoB.
[30-Dec-2018 14:04:52 UTC] Reset URL: https://www.enwikuna.de/passwort-zuruecksetzten/?act=reset_password&hash=6vjgRQfnvawpH5Ga6S8S&user_id=19
[30-Dec-2018 14:04:52 UTC] require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), WP_Hook->do_action, WP_Hook->apply_filters, um\core\Password->form_init, do_action('um_reset_password_process_hook'), WP_Hook->do_action, WP_Hook->apply_filters, um\core\Password->um_reset_password_process_hook, um\core\User->password_reset, um\core\Mail->send, um\core\Mail->prepare_template, um_convert_tags, um_user, um\core\Password->reset_url, get_password_reset_key
[30-Dec-2018 14:04:52 UTC] Hashed: 1546178692:$P$Bw6cVAT69d34uzXkEf2uKAYf40Kwnm/
[30-Dec-2018 14:04:52 UTC] Key saved: 1546178692:$P$Bw6cVAT69d34uzXkEf2uKAYf40Kwnm/

I’ve did some debugging sessions and found out that there are 4 times a hash and a key get’s generated with the current UM version.

The problem is that the key and hash pair generated by the {password_reset_link} action in the resetpw_email is pair number 3.

But after this pair another pair is created which has also a key and a hash. The problem is now, that the hash number 4 is saved to the database but the key from hash number 3 is sent via email to the member.

So the result is, that all keys are invalid because the key from pair 3 don’t matches the hash from pair 4 (which makes sense).

To clarify if this is the problem I would love if you can do following steps and paste your result into this question. This is what you need to do:

(Please don’t do this if you are new in programming!)

1. Open your wp-config.php and add following to the end of the file:

define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );

(This will generate a debug.log directly in the wp-content folder of WordPress)

2. Go into the wp-includes folder and open the file users.php. Search for this line of code:

$hashed = time() . ':' . $wp_hasher->HashPassword( $key );

Add directly after this these 2 expressions:

error_log( 'Key from user.php: ' . $key );
error_log( 'Hash from user.php: ' . $hashed );

Save the file now and open the email templateresetpw_email.php from UM. Remove now the {password_reset_link} from the <a href="{password_reset_link}">.

Now you need to add this here between the php tags at the top of the file:

error_log('Reset link from email: ' . UM()->password()->reset_url() );

So now we are good to go. Save all and upload it to your server. Go now to your UM reset password page and to just one reset. When you got the message that the email was sent successfully, open the debug.log file in your wp-content folder and paste the content here as an answer. We need to do this to check if it’s not just a problem on my side and a global one.

Undo now all what we did to remove the debugging from your page (We don’t need this anymore I think).

By the way I’m not a member from UM. I’m just a programmer and I’m very interested to solve this issue.

• This reply was modified 6 years, 2 months ago by lolitsjohnnyboy.

Check out this question @stackoverflow: https://stackoverflow.com/questions/53905184/wordpress-reset-password-always-invalid-key

I’ve found the problem. The hash generated by the key which get’s generated with the function reset_url() in the file class-password.php from UM is different than the has which is wrote into the DB.

Also the WP function generates 4 hashes but only one is used so I think there must be a huge problem with the UM plugin according to the hash function from WP:

[23-Dec-2018 15:57:41 UTC] 1545580661:$P$BiLzjLuPDHwVtUlnLmEQE19D4UpgJf0
[23-Dec-2018 15:57:41 UTC] 1545580661:$P$BCAl/MTbiuCyqiix7310EOEn.eJlQz1
[23-Dec-2018 15:57:41 UTC] 1545580661:$P$BH0W.btK4hYFNDidKh.DA46KZhp5Ay.
[23-Dec-2018 15:57:41 UTC] Hash from mail: 1545580661:$P$BOzHQ9mIasqhbdYnkK0n.EXhGXBFyD0
[23-Dec-2018 15:57:41 UTC] 1545580661:$P$BGRg8guQBbhuNKdMCIDSweNUDKLG1v/

I don’t know how to fix this but I’ll try a bit and let u know when it works.

• This reply was modified 6 years, 2 months ago by lolitsjohnnyboy.

This is not the solution. It’s a problem with the key generation when using custom E-Mail templates. I’m currently trying to find the problem and will fix it. I’ll let u know when I’ve found a solution.