Hi All,
Members are emailing saying;
"I'm trying to reset my password, but when I've put in a new one it's saying invalid activation code"
So I upgraded to 2.0.6 and tested this myself on a test account by asking for a "password reset" and I get the "Invalid Activation Code" errors (see image attached) after clicking the link and choosing a new password which you can test yourself using the link below;
QuoteDear Stewpot,
This mail was sent because the 'forgot password' function has been applied to your account. To set a new password, click the following link:
http://www.curry-recipes.co.uk/curry/index.php?action=reminder;sa=setpassword;u=21515;code=6d27a91b7d
IP: 2.217.151.254
Username: Stewpot
.
I have the mods attached installed and all are working ok, note I upgraded to 2.0.6 today but this issue has been going on for a few weeks.
I also attach the sources\LogInOut.php file for review.
Any guidance appreciated.
Stew
Any errors in your error log?
You can check in phpmyadmin if the code generated there is the same as the one sent to you, field "validation_code"
Your members aren't getting impatient waiting for the email and requesting the reset twice? Subsequent reset requests invalidate any codes sent previously, so the code in the latest email is always the one that must be used.
Error log on database attached.
Does this indicate something in the code conflicting causing the issue?
The reminder is not dealt within LogInOut, rather Reminder.php
So I'm not sure if this error, or the collation issue, can cause this problem...
Can you check this?
Quote from: margarett on October 30, 2013, 06:15:30 AM
You can check in phpmyadmin if the code generated there is the same as the one sent to you, field "validation_code"
I attach reminder.php
I am not sure how to check in phpmyadmin, do I run a query on the file?
Regards,
Stew
You can do that, yes.
SELECT *
FROM smf_members
WHERE id_member = 21515
This will return the full row for your test user. One of the fields is "validation_code" (or you can SELECT validation_code and it will just return that column)
edit: there is something wrong with your file, you're missing this:
// Quit if this code is not right.
if (empty($_POST['code']) || substr($realCode, 0, 10) !== substr(md5($_POST['code']), 0, 10))
Instead you have this:
// Quit if this code is not right. if (empty($_POST['code']) || substr($realCode, 0, 10) !== substr(md5($_POST['code']), 0, 10))
(a line break was deleted, the "if" is commented out and that's why it always throw you out with error)
Just correct it or upload a "clean" Reminder.php and you should be fine ;)
Hi,
Validation Code: 797ff96172
I assume this is not aligning with the new password link?
Stew
More or less, it should be md5 hashed. Doesn't matter, look at my post again, I think I found your issue ;)
oh.... looks like someone edited a file using a bad editor, which removed many of the line breaks...... wonder what other files may be affected.
Issue resolved by inserting the line break in reminder.php file.
btw is there a way I can check for errors in other files?
Stew
You can diff it against original "clean" files (this is what I've done with Notepadd++ "Compare" plugin) but, if you add MODs, some files will be different so you must be careful and know what you are looking for...
I would say, keep a close eye to your forum error log and to any malfunctions occurring (like in this case) and we'll try to look case-by-case. If your files were severely damaged, your forum would be completely down so you should be fine.
I'm marking this as solved for you. Feel free to add any related questions you may still have or to create new topics with new ones ;)