Home Forums WordPress Plugins Hide My WP lost password not working for any users, works for administrator when logged out

This topic is: resolved

This topic contains 10 replies, has 2 voices, and was last updated by  eyeca 4 days, 18 hours ago.

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #27363
    eyeca
    Active
    Post count: 16

    Hi,

    As the title says, users that don’t remember their password, can see the /lostpassword page and enter their email to reset their password.
    The emails contain the right url with username & code.
    But when they follow that link, they see a 404 page, instead of the form where they were supposed to enter the new password.

    The reset password php file checks if the user and code is right and then displays the reset password field, otherwise it displays the email submit form:
    <?php if((isset($_GET['user']) && isset($_GET['code']) && my_user::can_reset_password($_GET['user'], $_GET['code']))) {?>

    If me (the admin) requests a reset password link and I am logged out, it works fine and the form is displayed, so I can enter my new password. I don’t get a 404 page.

    Do you know how I can solve this?
    I think I need to set trusted role to everyone just for that page, is this right? And how can this be done?

    Thank you!

    • This topic was modified 2 weeks, 4 days ago by  eyeca.
    • This topic was modified 2 weeks, 4 days ago by  eyeca.
    #27371
    Suman M.
    Post count: 10735

    Hi, yes, please try setting trusted user role for the users in HMWP General Settings tab. Let us know.

    #27372
    eyeca
    Active
    Post count: 16

    I set all user roles to trusted but it doesn’t work.
    I need not logged in users to reset their password.
    They do not have a user role since they are not logged in.
    Am I right?

    #27375
    eyeca
    Active
    Post count: 16

    I deactivated HMWP and it worked. Then I activated it again (remember to export your settings before deactivating it, as it will lose them).
    So it must have something to do with the htaccess rules.
    I tried to uncheck all checkboxes in HMWP one by one but no luck.
    I have also reset /wp-includes folder renaming to its default name but still no success.
    This is really frustrating.
    Please advise.

    Thank you

    • This reply was modified 2 weeks, 4 days ago by  eyeca.
    • This reply was modified 2 weeks, 4 days ago by  eyeca.
    #27383
    Suman M.
    Post count: 10735

    Hi, can you please let us know your site’s wp-admin login details as private reply so that we can check the issue further? Thanks!

    #27498
    eyeca
    Active
    Post count: 16
    This reply has been marked as private.
    #27499
    eyeca
    Active
    Post count: 16
    This reply has been marked as private.
    #27510
    Suman M.
    Post count: 10735

    Hi, the issue is resolved now. I’ve emptied Author Base and Author Query fields in HMWP Permalinks & URLs tab. Please check and let us know.

    #27516
    eyeca
    Active
    Post count: 16

    Hi, thank you very much for your help, it’s working now!

    I noticed that with repopulating the Author Base field, the lost password form still works, so I only let the Author Query field empty.
    Is this ok or will there be any unexpected behavior?

    Also is there now a security concern that Author Query is not masked?

    Thank you!

    • This reply was modified 4 days, 18 hours ago by  eyeca.
    #27519
    Suman M.
    Post count: 10735

    Yes, that’s fine. Even if you leave Author Query blank, it won’t add up to security concern.

    #27520
    eyeca
    Active
    Post count: 16

    Thank you very much, have a nice day!

Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.