I am in a pickle now, about to release a Wordpress-based app and I can't get the registration complete because password set/reset key is sometimes invalid.
I say sometimes because when the user is registered, he gets link to set the password, and that is always invalid. Then he is asked to enter his username to reset the password and a new email is sent. That link is also invalid, however, if he requests a new password reset email again, then the link is valid.
The problem seems to be the key generated. When they key is clean of symbols, it works, example:
/?key=f2XFLHJGvemH&id=209
When the key is with symbols, it gets denied, example:
/?key=%sPRkgT7fW%5D@&id=209
I disabled all plugins and it acts the same way. No caching plugins installed.
What could be happening here? Please help!
Edit:
I repĺicated this behavior again to make sure, and this time it took 4 tries. So I am guessing that if you keep trying to get a clean key, it works. Why would this be happening?
I am in a pickle now, about to release a Wordpress-based app and I can't get the registration complete because password set/reset key is sometimes invalid.
I say sometimes because when the user is registered, he gets link to set the password, and that is always invalid. Then he is asked to enter his username to reset the password and a new email is sent. That link is also invalid, however, if he requests a new password reset email again, then the link is valid.
The problem seems to be the key generated. When they key is clean of symbols, it works, example:
https://www.example/account/reset/?key=f2XFLHJGvemH&id=209
When the key is with symbols, it gets denied, example:
https://www.example/account/reset/?key=%sPRkgT7fW%5D@&id=209
I disabled all plugins and it acts the same way. No caching plugins installed.
What could be happening here? Please help!
Edit:
I repĺicated this behavior again to make sure, and this time it took 4 tries. So I am guessing that if you keep trying to get a clean key, it works. Why would this be happening?
Share Improve this question edited Jan 31, 2020 at 19:07 Caio Mar asked Feb 28, 2019 at 15:55 Caio MarCaio Mar 4344 silver badges16 bronze badges1 Answer
Reset to default 1Problem solved!
I had a filter hooked onto random_password filter to generate passwords with custom rules and get_password_reset_key uses the function wp_generate_password to generate the key, and that is why I was getting the behavior I was getting. Allz I had to do was to remove my filter from it, and bada bing bada boom, it works.