Andy
Forum Replies Created
-
Posts
-
I have more information on this.
The logout fails inside function check_admin_referer which is in wp-includes/pluggable.php.
A comment at the top of the function says “Ensures intent by verifying that a user was referred from another admin page with the correct security nonce.”
It seems that the security nonce at the end of the logout URL changes after a password change. However, it is not updated on the page menu immediately after a password change.
If I revisit the page or visit a different UsersWP page then the nonce in the URL updates which explains why the logout is then successful. I thought before the URL was exactly the same but I was wrong.
So looks like you need to get the new nonce after password change?
Hi Patrik,
I saw the update come out with this fix in the changelog. I have applied it and password changed now functions as expected for me.
I have however had a different problem that seems related to password change. I’ve posted it in a different thread:
https://userswp.io/support/topic/403-forbidden-error-on-logout-after-successful-password-change/
Thank you.
Hi Patrik,
Yes it does work fine if I switch “0” to “no” instead.
Sounds like you have an is_empty() check somewhere, which will treat “0” as empty of course.
So this bug should trigger for any options with a value of zero – my test cases were focusing on length so I didn’t spot I was also changing the zero to other values.
Thanks
Hi Patrik,
Actually the field is defined as VARCHAR(49) in wp_uwp_usermeta and the values stored are actually only ‘0’ or ‘1’ anyway. Screenshot attached. (I didn’t set it to VARCHAR(49) manually, that’s how I found it).
I tried upping it to VARCHAR(255) and it didn’t fix the problem.
Is there somewhere else where a limit is kicking in?
Thanks,
AndyThis seems to be the right filter for fixing the tab links etc.
function wr_userswp_profile_link($link, $user_id) { $link = str_replace('/b/author/','/vendors/profile/', $link); return $link; } add_filter('uwp_profile_link', 'wr_userswp_profile_link', 10, 2);Change the code to return the right link for your actual pages/permalink structure.
Thanks Paolo.
On further testing the problem seems to go deeper than just the old password field.
On changing the password, it shows the message that the password has been changed successfully, and the hash changes in the database table, but an error message is logged and the user is no longer able to log in with either the old or new password.
PHP error message logged:
[12-Nov-2019 19:07:57 UTC] PHP Notice: Undefined index: uwp_change_password in …\wp-content\plugins\userswp\includes\class-forms.php on line 764
So it looks like it is trying to pick up the NEW password from the wrong array item as well.
No problem. I was looking for a fix myself and found this thread.
I’m not a support person, just another user. Hope I’m not doing the wrong thing by posting here.
Watch out for this causing other problems, though, like the tab links on the UWP profile page pointing back to the author archive URLs. I noticed that and will need to figure out a fix. There may be other snags but it does seem to deal with the overall issue.
This does look possible to me.
If you go to WP Admin –> Users WP –> General tab –> Profile –> Show Advanced you can then check the option “Disable author link redirect to UsersWP profile page.”
That stops UsersWP overriding the author profile link in archives etc.
It also creates a horrible redirect loop (clearly a bug in UsersWP) but if you add this filter it then fixes the redirect loop:
add_filter(‘uwp_check_redirect_author_page’, ‘__return_false’);
I am now able to get to both the standard author archives and the UsersWP profile page.
