I am using the version 2.1.12 of Woocommerce and I'm having trouble getting the password reset to work. Using a test customer account, I use the 'Lost Password' link, and once I've entered my address I receive the e-mail. Only problem is the link in the email just takes me to password reset page , after entering the new password , it doesn't get saved, still the login works with old-password.
Related
How do I disable the password recovery link in a WordPress password recovery email?
The email, along with the link, is generated and sent by WordPress when you press the lost password link. WordPress says just ignore the email, but the recovery link is still active and can lead anyone to a page to reset the password to that account. I want to force that link to expire prematurely.
I have tried changing the authentication keys and salts, playing around with the account but what I don't want to do is delete the account and create a new one.
I am set up to create customer account after checkout with paypal.
I receive the order and customer gets back to thank you page but unless I go in and hit complete the password is not sent to them. Any clue on what I can do ?
All The following are checked. I am running WC 2.4.10 on the latest wordpress.
Enable registration on the "Checkout" page
Display returning customer login reminder on the "Checkout" page
Account Creation
Account Creation Automatically generate username from customer email
Automatically generate customer password
I want the following functionality when a user click on 'forgot password',
I want the user to get an email to reset his password.[(i.e.,)A password reset link to be sent] when he click on the link, A new password should be generated and sent to his email
Any idea?
Thanks
Drupal already has password reset functionality but it's not working exactly as you want it since sending passwords over email is not safe.
Instead you get a link for one time login where you can reset your password (is it safer at all?).
URL for password reset page is /user/password
Recently i forgot my login to my wordpress installation.
I managed to change my password threw the database and now i can login...
But after i login i get the error:
"Please enter your username or email address. You will receive a link to create a new password via email. Your password must be reset. Please submit this form to reset it."
The Problem is my server cant send emails, .... so now what are my options ?
Maybe this is a feature of a plugin i installed, i have been inactive from this site for a long time.
EDIT: Plugin is login-security-solution, i will now disable it and keep you updated.
Conflicting plugin called login-secutiry-solutions caused this, I removed it and now im in.
I'm using forms authentication for an app that allows users to register but not active. We will send out an activation code via snail mail (long story) and the user can return with that info and activate their account.
I want to create a page where the user can come back and enter their username, password and generated key to activate the account. The key I have stored in another table and I plan to generate it. I'm having trouble verifying the username and password with an inactive account. I've tried Membership.ValidateUser(username,password) and it fails but if I activate the account, it works.
Ideas on how to check this?
Activate the account first.
If you are sending them the activation code in an email, have a anonymous access page which receives the activation code from the email (perhaps via querystring), activates the account, and redirects them to a login page with forms authentication activated (assuming the username and password are already created).
If the access code is invalid and fails, you can optionally deactivate the account.
I would not set IsActive = false. That is for disabling an account, preventing any type of login. Instead, I do not see a problem leaving them with the ability to login. I would use a Membership Role to specify when a user is verified. I.e. "Verified".
If they have not activated their account and attempt to login, you simply check to see if they have the Verified role. If not, redirect them to a page of "You account is not yet activated. Please wait for snail mail". Or a "Please enter your verification code below." message.
When they do finally enter the proper verification code from snail mail, you simply add them to the Verified role.
This gives you the control of allowing them to login and "check" the status of their account. And, resolves your IsActive issue.