lost password not working for any users, works for administrator when logged out
- This topic has 10 replies, 2 voices, and was last updated 4 years, 6 months ago by eyeca.
August 29, 2019 at 9:51 am #27363
Hi,
As the title says, users that don’t remember their password can see the /lostpassword page and enter their email to reset their password.
The emails contain the right url with username & code.
But when they follow that link, they see a 404 page, instead of the form where they were supposed to enter the new password.
The reset password php file checks if the user and code are right and then displays the reset password field, otherwise it displays the email submit form:
<?php if((isset($_GET['user']) && isset($_GET['code']) && my_user::can_reset_password($_GET['user'], $_GET['code']))) {?>
If I (the admin) request a reset password link and I am logged out, it works fine and the form is displayed, so I can enter my new password. I don’t get a 404 page.
Do you know how I can solve this?
I think I need to set trusted role to everyone just for that page, is this right? And how can this be done?
Thank you!
August 29, 2019 at 4:57 pm #27371
Suman M.
Hi, yes, please try setting trusted user role for the users in HMWP General Settings tab. Let us know.
August 29, 2019 at 5:03 pm #27372
I set all user roles to trusted but it doesn’t work.
I need users who are not logged in to be able to reset their password.
They do not have a user role since they are not logged in.
Am I right?
August 29, 2019 at 7:10 pm #27375
I deactivated HMWP and it worked. Then I activated it again (remember to export your settings before deactivating it, as it will lose them).
So it must have something to do with the htaccess rules.
I tried to uncheck all checkboxes in HMWP one by one but no luck.
I have also reset the /wp-includes folder renaming to its default name but still no success.
This is really frustrating.
Please advise.
Thank you
August 30, 2019 at 4:27 am #27383
Suman M.
Hi, can you please let us know your site’s wp-admin login details as private reply so that we can check the issue further? Thanks!
September 10, 2019 at 5:22 pm #27498
This reply has been marked as private.
September 10, 2019 at 6:07 pm #27499
This reply has been marked as private.
September 12, 2019 at 4:45 am #27510
Suman M.
Hi, the issue is resolved now. I’ve emptied Author Base and Author Query fields in HMWP Permalinks & URLs tab. Please check and let us know.
September 12, 2019 at 6:24 am #27516
Hi, thank you very much for your help, it’s working now!
I noticed that with repopulating the Author Base field, the lost password form still works, so I only left the Author Query field empty.
Is this ok or will there be any unexpected behavior?
Also is there now a security concern that Author Query is not masked?
Thank you!
September 12, 2019 at 6:48 am #27519
Suman M.
Yes, that’s fine. Even if you leave Author Query blank, it won’t add up to a security concern.
September 12, 2019 at 6:49 am #27520
Thank you very much, have a nice day!