WordPress 3.2.1 – The reset password URL in the email generated by http://mysite.com/wp-login.php?action=lostpassword does not contain a valid key and so users are unable to reset their password.

We do have Register Plus Redux plugin installed but the problem persists even if I disable it.
Is this a known issue?

Clicking the link gives the error “Sorry, that key does not appear to be valid.” The link looks like this:

http://mysite.com/wp-login.php?action=rp&key=&login=email%40mysite.com (the key is empty)

1 Answer

The site’s original developer was using the reset_password_message filter and had either done it incorrectly or the core code has changed. The following function now works:

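// Rebuilds the lost-password e-mail body. $key is the reset key passed in by the filter.
function reset_password_message( $message, $key ) {

    // Look the user up by e-mail or by login, depending on what was submitted.
    if ( strpos($_POST['user_login'], '@') ) {
        $user_data = get_user_by('email', trim($_POST['user_login']));
    } else {
        $login = trim($_POST['user_login']);
        $user_data = get_user_by('login', $login);
    }

    // get_user_by() returns false when no user matches; keep the original message then.
    if ( ! $user_data ) {
        return $message;
    }

    $user_login = $user_data->user_login;

    $msg = __('The password for the following account has been requested to be reset:'). "\r\n\r\n";
    $msg .= network_site_url() . "\r\n\r\n";
    $msg .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
    $msg .= __('If this message was sent in error, please ignore this email.') . "\r\n\r\n";
    $msg .= __('To reset your password, visit the following address:');
    // The reset link must carry the key the filter was given.
    $msg .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

    return $msg;

}

// The callback name must be a quoted string; 10 is the default priority, 2 the number of accepted arguments.
add_filter('retrieve_password_message', 'reset_password_message', 10, 2);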
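
A defensive variant of the filter above, added here as an example (it is not the answerer's code or WordPress core): it refuses to build a link when the key is empty and falls back to the message core already generated. The `example_` function names are hypothetical, and the site URL, login and key in the command-line branch are constructed values.

```php
<?php
// Added example, not code from the original post. "example_" names are hypothetical.

// Pure helper: returns the message body, or null if a usable link cannot be built.
function example_build_reset_message( $site_url, $login_url, $user_login, $key ) {
    // An empty key reproduces the bug in the question ("key=&login=...").
    if ( ! is_string( $key ) || '' === $key || ! is_string( $user_login ) || '' === $user_login ) {
        return null;
    }
    $link = $login_url . '?action=rp&key=' . rawurlencode( $key )
          . '&login=' . rawurlencode( $user_login );

    $msg  = "A password reset was requested for the following account:\r\n\r\n";
    $msg .= $site_url . "\r\n\r\n";
    $msg .= 'Username: ' . $user_login . "\r\n\r\n";
    $msg .= "If this message was sent in error, please ignore this email.\r\n\r\n";
    $msg .= "To reset your password, visit the following address:\r\n\r\n";
    $msg .= '<' . $link . ">\r\n";
    return $msg;
}

// Filter callback: falls back to core's own $message whenever the custom one
// cannot be built, so a customization bug never sends out a dead reset link.
function example_retrieve_password_message( $message, $key ) {
    $submitted = isset( $_POST['user_login'] ) ? trim( (string) $_POST['user_login'] ) : '';
    $field     = ( false !== strpos( $submitted, '@' ) ) ? 'email' : 'login';
    $user      = ( '' !== $submitted ) ? get_user_by( $field, $submitted ) : false;
    if ( ! $user ) {
        return $message;
    }
    $custom = example_build_reset_message(
        network_site_url(), network_site_url( 'wp-login.php', 'login' ), $user->user_login, $key
    );
    return ( null === $custom ) ? $message : $custom;
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: callback name as a quoted string, two accepted arguments.
    add_filter( 'retrieve_password_message', 'example_retrieve_password_message', 10, 2 );
} else {
    // Outside WordPress (php CLI): exercise the helper with constructed values.
    $ok  = example_build_reset_message( 'http://mysite.com', 'http://mysite.com/wp-login.php', 'alice', 'CONSTRUCTEDKEY123' );
    $bad = example_build_reset_message( 'http://mysite.com', 'http://mysite.com/wp-login.php', 'alice', '' );
    var_dump( false !== strpos( $ok, 'key=CONSTRUCTEDKEY123&login=alice' ) );
    var_dump( $bad );
}
```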
