WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 2 years ago

#23874 closed defect (bug)

Multisite: forgot password link navigates to the primary domain not the current domain. — at Initial Version

Reported by: cullaloe Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.5.1
Component: Multisite Keywords:
Focuses: Cc:

Description

Users on subsites clicking "forgot password" link are directed to the network domain to reset their password. This causes confusion for users as they finish up on the network domain instead of the site they think they are registered on.

According to @Philly's post on http://www.s2member.com/forums/topic/login-widget-on-multisite/ this was introduced "Its a WordPress bug introduced [in 2011] in wp-includes/general-template.php". He offers the following modifications, which work nicely on my installation (3.5.1).

wp-includes/general-template.php:

function wp_lostpassword_url( $redirect = ) {

$args = array( 'action' => 'lostpassword' );
if ( !empty($redirect) ) {

$argsredirect_to? = $redirect;

}


$lostpassword_url = add_query_arg( $args, network_site_url('wp-login.php', 'login') );
return apply_filters( 'lostpassword_url', $lostpassword_url, $redirect );

}

Should be

function wp_lostpassword_url( $redirect = ) {

$args = array( 'action' => 'lostpassword' );
if ( !empty($redirect) ) {

$argsredirect_to? = $redirect;

}


$lostpassword_url = add_query_arg( $args, site_url('wp-login.php', 'login') );
return apply_filters( 'lostpassword_url', $lostpassword_url, $redirect );

}

Also WordPress is generating the incorrect email in wp-login.php

$message = ('Someone requested that the password be reset for the following account:') . "\r\n\r\n";

$message .= network_home_url( '/' ) . "\r\n\r\n";
$message .= sprintf(('Username: %s'), $user_login) . "\r\n\r\n";
$message .=
('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
$message .= ('To reset your password, visit the following address:') . "\r\n\r\n";
$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

should be

$message = ('Someone requested that the password be reset for the following account:') . "\r\n\r\n";

$message .= home_url( '/' ) . "\r\n\r\n";
$message .= sprintf(('Username: %s'), $user_login) . "\r\n\r\n";
$message .=
('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
$message .= ('To reset your password, visit the following address:') . "\r\n\r\n";
$message .= '<' . site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

Change History (0)

Note: See TracTickets for help on using tickets.