Notifications
Clear all

wpForo 1.x.x [Closed] Lost password URL hardcoded

7 Posts
2 Users
1 Reactions
1,724 Views
Posts: 23
Topic starter
(@mistral)
Eminent Member
Joined: 6 years ago

Hi Guys

There is a hardcoded version of the password reset URL which I think 'should' be using the wpforo_lostpass_url() function to return the correct URL in all circumstances. Currently it is not possible to redirect users to our reset-password page, even though we have entered a custom value in the settings. This is under the specific case that users have entered a username or email that is not in use.

This is easily fixed.

wpforo/wpf-includes/wpf-hooks.php line 2070

// before
$redirect_url = wpforo_home_url( '?wpforo=lostpassword' );
//after
$redirect_url = wpforo_lostpass_url();

Thanks

Mistral

6 Replies
Robert
Posts: 10543
Admin
(@robert)
Support Team
Joined: 8 years ago

You can simple disable wpForo Reset Password feature and use the default WordPress one. It'll allow to use WordPress hooks too. The option to disable wpForo Reset Password URL overwriting is located in Dashboard > Forums > Settings > Features admin page.

Posts: 23
Topic starter
(@mistral)
Eminent Member
Joined: 6 years ago

Hi Robert

Thanks for the suggestion, I have just tried it...

Unfortunately doing that makes things a lot worse. There are more instances where wp-login.php is hardcoded, rather than using the wp_login_url() function. Using the WPforo method there is only 1 instance where the URL is hardcoded and specifically why I was hoping it would be corrected. For now I am overriding the function entirely just to fix that one line.

Regards

Mistral

Robert
Posts: 10543
Admin
(@robert)
Support Team
Joined: 8 years ago

@mistral,

In next version you can use 'wpforo_lostpass_url' hook. We made these changes in files:

/wpforo/wpf-includes/wpf-hooks.php

/wpforo/wpf-includes/functions-template.php

3 Replies
(@mistral)
Joined: 6 years ago

Eminent Member
Posts: 23

Thanks Robert, this is good news.

For completeness it would also be helpful to do the same treatment for the reset-password URL. There are 5 places this is hardcoded like this:

wpforo_home_url( '?wpforo=resetpassword

If you don't ask you don't get!

Thanks again

Mistral

Robert
Admin
(@robert)
Joined: 8 years ago

Support Team
Posts: 10543

Please follow the code. That's already passed through the filter hook as $wp_lostpass_url variable.

(@mistral)
Joined: 6 years ago

Eminent Member
Posts: 23

Hi Robert

I'm not sure I see it, or its not as expected. Sorry if I am missing something. Lostpassword and resetpassword point to two different forms/urls.

  • ?wpforo=lostpassword >> the form to request the email
  • ?wpforo=resetpassword >> the form to actually reset the password

The lostpassword is being handled and filtered but I don't see the same for the resetpassword.

Regards

Mistral