Password Reset button not working

[shoelaced]

Hi all,

The password reset button hasn't worked for a long time for me - I keep hoping a new update or a hotfix will fix it but I just updated to 7.9.2 and still nope. What happens is that when the user clicks the password reset button, it stays on the login screen and says "restricted."

In order to fix it I have to go into my (custom) theme and change the placeholder in the button's `href` attribute to a hard-coded link to https://mydomain.com/pwreset.php. After that it works fine.

It's been an issue for several releases and I figured if it was an actual bug there'd already be a fix for it, but I'm not finding other reports about it, so I'm guessing it's on my end somewhere but I have no idea what could be the issue.

Has anyone else experienced this?

[shoelaced]

Update - I found that my "URI rewrite management" rules were out-of-sync and the auto-managed rewrite was turned off, and I am on an Apache server so I tried turning it on and syncing it.

Now the password reset button tries to send me to "https://mydomain.com/password/reset/login.php" but it gives me a "too many redirects" error in the browser (Chrome).

mydomain.com/pwreset.php still works though, so I suppose I'll just keep updating my theme to that...

[brian!]

2 minutes ago, shoelaced said:

mydomain.com/pwreset.php still works though, so I suppose I'll just keep updating my theme to that...

in recent versions of Six, the pwreset.tpl template is empty and has been replaced with four separate password-reset templates... you might want to update your custom template to use these new templates.

[shoelaced]

I have, as far as I know. I keep my custom theme in a Git repository so whenever there's an update I just delete my theme, FTP into the Six directory, copy everything down, and then just go through and discard all my changes that I want to keep (which are very minimal and mostly CSS) from the commit. Assuming the Six theme in my WHMCS installation gets updated along with everything else, my custom theme should practically just be a re-styled version of the latest Six.

I just checked and my pwreset.tpl template is in fact empty... Is https://mydomain.com/password/reset/login.php the correct url for the password reset form?  I'm not sure why it would be going through too many redirects after syncing the rewrite rules, given that previously my .htacces was completely empty. Now it only contains the auto-generated WHMCS rules.

 

[zomex]

As Brian said the password reset has been changed a lot in recent versions and pwreset.php is no longer used.

The new path for password reset is (this assumes you have SEO friendly URLs enabled in WHMCS):

https://mydomain.com/password/reset/begin

I would recommend first testing the Six template. If it works then it would indicate that your template is missing a update. If it doesn't then it could be an issue with your URL settings or WHMCS configuration depending on what is/isn't happening.

[shoelaced]

23 minutes ago, zomex said:

I would recommend first testing the Six template.

Thanks for the reply. Just tested the Six template and it doesn't work either.

When I hover over the button Chrome does say that it leads to https://mydomain.com/password/reset/begin, but the url in the url bar is https://mydomain.com/password/reset/login.php, and it gives me the too many redirects error. If I put the /password/reset/begin url into Redirect Checker, it produces the following (obviously I used my real domain):

Result
https://mydomain.com/password/reset/begin
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found
login.php
302 Found

So for some reason it appears to be getting caught in an infinite loop back to login.php. In my WHMCS settings I have the Friendly URLs on "Full Friendly Rewrite," which is the system-detected setting and I've clicked the little refresh icon there, which opts for Full Friendly Rewrite as well. But I've tried all the other URL settings and none of them work either. One thing I'm noticing is that when browsing around in the client area (everything else works fine), the URLs are all things like ?action=invoices, whereas I thought the Full Friendly Rewrite would make it something like /invoices. Is that normal?

[brian!]

2 hours ago, shoelaced said:

One thing I'm noticing is that when browsing around in the client area (everything else works fine), the URLs are all things like ?action=invoices, whereas I thought the Full Friendly Rewrite would make it something like /invoices. Is that normal?

yes, that's "normal" for WHMCS.

[shoelaced]

Ha. Okay, well... any ideas on how I can debug this?

[brian!]

18 hours ago, shoelaced said:

any ideas on how I can debug this?

have you tried changing the Friendly URL (or as I think of it FU) settings, e.g to Basic URLs or the Friendly index.php ?

the problem (though there are many with FU) is that occasionally some feature/link won't work with a certain FU setting, so you should try the other options and see if that fixes the issue.

[shoelaced]

I tried that, doesn't seem to work - although setting it to Basic URLs makes it do what it was doing before, where it would just stay on the login screen and print a message about the page being restricted. Maybe because I have the "always redirect to login" option turned on... I'll have to try turning that off when I have a sec. I only use it for my private clients for whom I manually make accounts, so the whole site is only accessible after logging in.