WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#23874 closed defect (bug) (duplicate)

Multisite: forgot password link navigates to the primary domain not the current domain.

Reported by: cullaloe Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.5.1
Component: Multisite Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

Users on subsites clicking "forgot password" link are directed to the network domain to reset their password. This causes confusion for users as they finish up on the network domain instead of the site they think they are registered on.

According to @Philly's post on http://www.s2member.com/forums/topic/login-widget-on-multisite/ this was introduced "Its a WordPress bug introduced [in 2011] in wp-includes/general-template.php". He offers the following modifications, which work nicely on my installation (3.5.1).

wp-includes/general-template.php:

function wp_lostpassword_url( $redirect = '' ) {
	        $args = array( 'action' => 'lostpassword' );
	        if ( !empty($redirect) ) {
	                $args['redirect_to'] = $redirect;
	        }
	
	        $lostpassword_url = add_query_arg( $args, network_site_url('wp-login.php', 'login') );
	        return apply_filters( 'lostpassword_url', $lostpassword_url, $redirect );
}

Should be

function wp_lostpassword_url( $redirect = '' ) {
	        $args = array( 'action' => 'lostpassword' );
	        if ( !empty($redirect) ) {
	                $args['redirect_to'] = $redirect;
	        }
	
	        $lostpassword_url = add_query_arg( $args, site_url('wp-login.php', 'login') );
	        return apply_filters( 'lostpassword_url', $lostpassword_url, $redirect );
}

Also WordPress is generating the incorrect email in wp-login.php

$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
	$message .= network_home_url( '/' ) . "\r\n\r\n";
	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
	$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
	$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
	$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

should be

$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
	$message .= home_url( '/' ) . "\r\n\r\n";
	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
	$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
	$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
	$message .= '<' . site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

Change History (4)

comment:1 @jamescollins2 years ago

I think this is a duplicate of #21352

comment:2 @jamescollins2 years ago

  • Keywords needs-patch removed
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #21352.

comment:3 @SergeyBiryukov2 years ago

  • Description modified (diff)
  • Milestone Awaiting Review deleted

comment:4 @cullaloe2 years ago

@jamescollins yes, you're right, it's a duplicate. Sorry for generating unnecessary effort and thanks for spotting it.

Note: See TracTickets for help on using tickets.