Active
Project:
Change password
Version:
6.x-1.x-dev
Component:
Code
Priority:
Major
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
9 Jul 2011 at 21:09 UTC
Updated:
18 Jul 2011 at 23:07 UTC
Like the title says.. when I have the latest release or the latest dev of phpass installed, my users cannot reset their password. They receive the email with the one-time login link, but when they click login, it just loops.
Same problem with both MD5 and phpass options in user settings.
Any ideas on a fix?
Comments
Comment #1
jmseigneur commentedI confirm the same issue with 6.x-1.1 and both md5 and secure pass options in users settings.
Comment #2
pwolanin commentedAbout to mark 1.x as unsupported as soon as 2.x is working fully with an update path. Let's re-evaluate then.
Comment #3
BogenDorpher commentedOk same problem with 2.x Beta1,
This is the one-time login link that is emailed to the user: http://www.sitename.com/?q=user/reset/27/1310892432/d1ddb57dd8aa420984ca...
When the user clicks it, it doesn't work. However, if you edit the link to be like this, it will work:
http://www.sitename.com/?q=user/reset/27/1310892432/d1ddb57dd8aa420984ca...
Looks like the redirect to change the password causes this problem. I don't have any login redirect modules installed, only Change Password.
Comment #4
pwolanin commentedI'm not sure where that destination query string is combing from. That's not something in core, so must be added by some other module you are using.
Comment #5
BogenDorpher commentedOk disregard, I figured out the problem. Looks like the Change Password module causes a conflict with Phpass. More specifically, this piece of code at the bottom of Change Password:
I deleted that code and now users can reset passwords just fine.
Comment #6
pwolanin commentedLooks like a bug there - it should not be directly appending a query string with "?"