Jump to content

Clients using Forgot Password link get into a endless loop


Recommended Posts

When a client clicks the "forgot password" on the client login page, they receive the expected password reset email. When they click the link, even within a minute time frame, they are linked to a page Lost Password Reset and the page is asking for the clients email address again. Enter the email address and the loo[p begins.

WHMCS: 7.5.1

PHP: 7.2

-Allan

 

Link to comment
Share on other sites

  • WHMCS Support Manager

Hi @aknight,

There are two likely causes:

1. The "Password Reset Validation" email template link code is invalid. Here is the default:

<p>Dear {$client_name},</p>
<p>Recently a request was submitted to reset your password for our client area. If you did not request this, please ignore this email. It will expire and become useless in 2 hours time.</p>
<p>To reset your password, please visit the url below:<br /><a href="{$pw_reset_url}">{$pw_reset_url}</a></p>
<p>When you visit the link above, you will have the opportunity to choose a new password.</p>
<p>{$signature}</p>

 

2. The structure of the tblclients table in your MySQL database is not as expected.

Check that the type is "Int(10)2 and the default value is "none" or blank.

Link to comment
Share on other sites

The Password Reset Validation template is correct. The structure of the tblclients table is type int(10)2 and the default value is "none".

I then did a test, changing the email address to myself and the password reset worked as expected. We have had complaints from more than one client with the same loop issue and have been able to replicate when logging into their email.

 

-Allan

Link to comment
Share on other sites

  • 3 weeks later...

a little more info, if I am logged into WHMCS when I click the email link, the link works as expected and allows me to reset the password. When I am not logged in, th link takes me to a page asking for my email address and starts the loop.

Link to comment
Share on other sites

  • 3 weeks later...

i-Plugins has replied with:

a change in WHMCS from 7.5.0 to 7.5.1 (WHMCS Issue: CORE-12144) caused the password reset page to redirect before any hooks are called which means we cannot catch it.

What you need to do is to add the following to your WHMCS .htaccess file below the RewriteEngine on line

RewriteCond %{QUERY_STRING} ^key=(.+?)$
RewriteRule pwreset.php https://www.domain.com/portal/pwreset?key=%1 [L,R=302]

I then got time out errors until I added a "/" in front of pwreset.php.

Unfortunately I am now back to getting the email address request from the password reset link.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated