Jump to content

Clients using Forgot Password link get into a endless loop

aknight

By aknight
in Troubleshooting Issues

 Share

Recommended Posts

aknight Member

aknight

Posted
Posted

When a client clicks the "forgot password" on the client login page, they receive the expected password reset email. When they click the link, even within a minute time frame, they are linked to a page Lost Password Reset and the page is asking for the clients email address again. Enter the email address and the loo[p begins.

WHMCS: 7.5.1

PHP: 7.2

-Allan

 

0
Link to comment
Share on other sites
  • WHMCS Support Manager
WHMCS John Senior Member

WHMCS John

Posted
  • WHMCS Support Manager
Posted

Hi @aknight,

There are two likely causes:

1. The "Password Reset Validation" email template link code is invalid. Here is the default: 

<p>Dear {$client_name},</p>
<p>Recently a request was submitted to reset your password for our client area. If you did not request this, please ignore this email. It will expire and become useless in 2 hours time.</p>
<p>To reset your password, please visit the url below:<br /><a href="{$pw_reset_url}">{$pw_reset_url}</a></p>
<p>When you visit the link above, you will have the opportunity to choose a new password.</p>
<p>{$signature}</p>

 

2. The structure of the tblclients table in your MySQL database is not as expected.

Check that the type is "Int(10)2 and the default value is "none" or blank.

0
Link to comment
Share on other sites
aknight Member

aknight

Posted
  • Author
Posted

The Password Reset Validation template is correct. The structure of the tblclients table is type int(10)2 and the default value is "none".

I then did a test, changing the email address to myself and the password reset worked as expected. We have had complaints from more than one client with the same loop issue and have been able to replicate when logging into their email.

 

-Allan

0
Link to comment
Share on other sites
  • 3 weeks later...
aknight Member

aknight

Posted
  • Author
Posted

a little more info, if I am logged into WHMCS when I click the email link, the link works as expected and allows me to reset the password. When I am not logged in, th link takes me to a page asking for my email address and starts the loop.

0
Link to comment
Share on other sites
  • 3 weeks later...
aknight Member

aknight

Posted
  • Author
Posted

i-Plugins has replied with:

a change in WHMCS from 7.5.0 to 7.5.1 (WHMCS Issue: CORE-12144) caused the password reset page to redirect before any hooks are called which means we cannot catch it.

What you need to do is to add the following to your WHMCS .htaccess file below the RewriteEngine on line 

RewriteCond %{QUERY_STRING} ^key=(.+?)$
RewriteRule pwreset.php https://www.domain.com/portal/pwreset?key=%1 [L,R=302]

I then got time out errors until I added a "/" in front of pwreset.php.

Unfortunately I am now back to getting the email address request from the password reset link.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept