Why is the reset password key missing in the reset password email?

1 Views

WordPress 3.2.1 – The reset password URL in the email generated by http://mysite.com/wp-login.php?action=lostpassword does not contain a valid key and so users are unable to reset their password.

We do have Register Plus Redux plugin installed but the problem persists even if I disable it.
Is this a known issue?

Read More

Clicking the link gives the error “Sorry, that key does not appear to be valid.” The link looks like this:

http://mysite.com/wp-login.php?action=rp&key=&login=email%40mysite.com (they key is empty)

Post Views: 1

Related posts

Leave a Reply

1 comment

  1. The site’s original developer was using the reset_password_message filter and had either done it incorrectly or the core code has changed. The following function now works:

    function reset_password_message( $message, $key ) {

    if ( strpos($_POST['user_login'], '@') ) {
        $user_data = get_user_by('email', trim($_POST['user_login']));
    } else {
        $login = trim($_POST['user_login']);
        $user_data = get_user_by('login', $login);
    }

    $user_login = $user_data->user_login;

    $msg = __('The password for the following account has been requested to be reset:'). "rnrn";
    $msg .= network_site_url() . "rnrn";
    $msg .= sprintf(__('Username: %s'), $user_login) . "rnrn";
    $msg .= __('If this message was sent in error, please ignore this email.') . "rnrn";
    $msg .= __('To reset your password, visit the following address:');
    $msg .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">rn";

    return $msg;

}

add_filter('retrieve_password_message', reset_password_message, null, 2);