id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
18771	Reset Password link generation	binaryweb		"I have been having problems with the login following a reset password. 

A user click the ""forgotten password"" link and then after receiving the email clicks the link in the email to reset their password submits their new password gets a message that says ""You have successfully reset your passoword. Log in"" The link for login is not being generated correctly which is causing them to get a ""Invalid Key"" error.

Here is what I have dont to temporarily resolve the issue:

in wp-login.php I modified the following lines of code:

changed Line 207:

{{{
if ( empty($key) ) {
}}}

to this:

{{{
if ( empty($key) || preg_match('/[^a-z0-9]/i',$key) != 0) {
}}}

Removing special characters from the key that gets emailed to the users when they click the ""forgotten password"" link on the login page.



Commented out Line 444:

{{{
login_header(__('Password Reset'), '<p class=""message reset-pass"">' . __('Your password has been reset.') . ' <a href=""' . site_url('wp-login.php', 'login') . '"">' . __('Log in') . '</a></p>');
}}}

then slightly modified it removing the login link from the message

{{{
login_header(__('Password Reset'), '<p class=""message reset-pass"">' . __('Your password has been reset.') . '</p>');
}}}


This change forces the user to return to the homepage before logging in again and then they dont get the ""invalid key"" error. 

It would be nice if there were a more permenant fix for this issue that wouldn't get lost when we update the next time."	defect (bug)	new	normal	Awaiting Review	Users	3.2.1	normal		close