Make WordPress Core

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#23874 closed defect (bug) (duplicate)

Multisite: forgot password link navigates to the primary domain not the current domain.

Reported by: cullaloe's profile cullaloe Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.5.1
Component: Multisite Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

Users on subsites clicking "forgot password" link are directed to the network domain to reset their password. This causes confusion for users as they finish up on the network domain instead of the site they think they are registered on.

According to @Philly's post on http://www.s2member.com/forums/topic/login-widget-on-multisite/ this was introduced "Its a WordPress bug introduced [in 2011] in wp-includes/general-template.php". He offers the following modifications, which work nicely on my installation (3.5.1).

wp-includes/general-template.php:

function wp_lostpassword_url( $redirect = '' ) {
	        $args = array( 'action' => 'lostpassword' );
	        if ( !empty($redirect) ) {
	                $args['redirect_to'] = $redirect;
	        }
	
	        $lostpassword_url = add_query_arg( $args, network_site_url('wp-login.php', 'login') );
	        return apply_filters( 'lostpassword_url', $lostpassword_url, $redirect );
}

Should be

function wp_lostpassword_url( $redirect = '' ) {
	        $args = array( 'action' => 'lostpassword' );
	        if ( !empty($redirect) ) {
	                $args['redirect_to'] = $redirect;
	        }
	
	        $lostpassword_url = add_query_arg( $args, site_url('wp-login.php', 'login') );
	        return apply_filters( 'lostpassword_url', $lostpassword_url, $redirect );
}

Also WordPress is generating the incorrect email in wp-login.php

$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
	$message .= network_home_url( '/' ) . "\r\n\r\n";
	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
	$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
	$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
	$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

should be

$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
	$message .= home_url( '/' ) . "\r\n\r\n";
	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
	$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
	$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
	$message .= '<' . site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

Change History (4)

#1 @jamescollins
12 years ago

I think this is a duplicate of #21352

#2 @jamescollins
12 years ago

  • Keywords needs-patch removed
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #21352.

#3 @SergeyBiryukov
12 years ago

  • Description modified (diff)
  • Milestone Awaiting Review deleted

#4 @cullaloe
12 years ago

@jamescollins yes, you're right, it's a duplicate. Sorry for generating unnecessary effort and thanks for spotting it.

Note: See TracTickets for help on using tickets.