Make WordPress Core

Opened 14 years ago

Closed 12 years ago

#13351 closed defect (bug) (fixed)

Auto-generated Password Nag

Reported by: battis's profile battis Owned by:
Milestone: 3.5 Priority: normal
Severity: normal Version:
Component: Administration Keywords: has-patch
Focuses: Cc:


Whenever I log in, I am warned that "You’re using the auto-generated password for your account. Would you like to change it to something you’ll remember easier?" -- even after having changed my password (and clicked the link to "No thanks, do not remind me again")

This appears in WordPress 3.0-beta2-14550

Attachments (1)

13351.patch (1.0 KB) - added by SergeyBiryukov 12 years ago.

Download all attachments as: .zip

Change History (6)

#1 @dd32
14 years ago

  • Component changed from General to Administration
  • Keywords reporter-feedback added
  • Milestone changed from Unassigned to 3.0

Was this installed on SVN trunk a few weeks ago? I believe there was a bug for a few revisions which result in this.

Does this occur on a new installation of the latest trunk?

#2 @dd32
14 years ago

  • Milestone 3.0 deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Just tested this, Both changing the users password and clicking the dismiss option appears to be working correctly for me.

If you experience this on a clean install, please re-open with any specifics on the environment/configuration of WordPress you are using.

#3 @TomAuger
12 years ago

  • Resolution worksforme deleted
  • Status changed from closed to reopened
  • Version changed from 3.0 to 3.4.1

Just had this happen twice with two fresh installs from trunk (3.5-alpha-21499) on a local XAMPP box.

Here's the install process I followed both times:

  • create a new directory inside my server path
  • checkout
  • create a new DB
  • edit wp-config.php
  • 5-minute install (more like 5 seconds these days!)
  • default user ('admin')
  • get the auto-generated pwd message. Copy the pwd
  • log in with auto-generated pwd
  • get the nag
  • click the nag to go to profile
  • change the password
  • this logs you out
  • log in with the new password
  • nag is still there.

#4 @SergeyBiryukov
12 years ago

  • Keywords has-patch added; reporter-feedback removed
  • Milestone set to 3.5
  • Version 3.4.1 deleted

The latest bug was introduced in [21376].

Now that get_userdata() returns existing data for current user, default_password_nag_edit_user() compares the old password to itself and fails to delete the default_password_nag option:

wp_generate_auth_cookie() (called via wp_update_user()) also receives the old data, which causes it to create cookies for the old password and leads to logout:

13351.patch replaces get_userdata() with new WP_User() in those two places. An alternative would probably be to check if $_POST (or a specific key) is empty in get_user_by().

Last edited 12 years ago by SergeyBiryukov (previous) (diff)

#5 @SergeyBiryukov
12 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

Fixed in [21563].

Note: See TracTickets for help on using tickets.