chanx-young Posted March 3, 2015 Report Posted March 3, 2015 hello, i've update blesta to 3.4.2 but when my client request password reset, he receive the password reset mail with the password reset link inside. but when he click on that link, the page go to login page not the password reset page. anything i should check? thank you Quote
0 serge Posted March 3, 2015 Report Posted March 3, 2015 try to edit email template to correct it, go at system/email/.... Quote
0 serge Posted March 3, 2015 Report Posted March 3, 2015 from admin area, go in menu, Settings / emails / email template there edit appropriate template to check it Quote
0 Tyson Posted March 3, 2015 Report Posted March 3, 2015 Chances are the {password_reset_url} tag in the "Password Reset" email template (found under [settings] -> -> -> (edit Password Reset)) is including a malformed or incorrect URL. It might be that your company hostname is incorrect. You can find and update the hostname under [settings] -> [system] -> [Companies] -> (edit). You could try to have a password reset email sent to you for your staff account to check if the link in that email is incorrect as well. It would be best to see what the URL of the link in the email is to determine the problem. Michael 1 Quote
0 chanx-young Posted March 3, 2015 Author Report Posted March 3, 2015 i can't find any error. my password reset link is at https://www.domain.com/client/login/reset/ password reset confirmation link is at http://domain.com/client/login/confirmreset/?sid=hilnXxfw%2FbRW2tPOtBTG7BKjeV9%2B61qCXpNrDk7ZUnsolzPrxw7Knpg3rsrcAp5J but when i clicked that link it goes to https://www.domain.com/client/login/ Quote
0 Tyson Posted March 3, 2015 Report Posted March 3, 2015 The links look fine to me. Have you attempted to reset your password so you can check the email you receive? If so, does the link work? If the link is fine, your customer probably clicked an old reset password link. The links are only valid for a short time (e.g. 4 hours). If the link is no longer valid when they visit it, they would be redirected to the login page. In that case, they should enter their email address on the reset password page to receive another email, and then check their email within those 4 hours. Quote
0 chanx-young Posted March 3, 2015 Author Report Posted March 3, 2015 i did that on my own, i clicked the link just after i received the confirmation email so that before 4 hours. but just redirected to login page. i tried that on licensecart. but his installation seems no problem. on mine before update is okay, dont know is it because of update or not. Quote
0 Michael Posted March 3, 2015 Report Posted March 3, 2015 i did that on my own, i clicked the link just after i received the confirmation email so that before 4 hours. but just redirected to login page. i tried that on licensecart. but his installation seems no problem. on mine before update is okay, dont know is it because of update or not. Are you using cPanel can you check your cron job if it is? It should be /usr/local/bin/php Quote
0 chanx-young Posted March 5, 2015 Author Report Posted March 5, 2015 the cron is running good, still can't figured it out what happened, could somebody help me? look like there is problem with redirection in login page. am i right? Quote
0 Michael Posted March 5, 2015 Report Posted March 5, 2015 the cron is running good, still can't figured it out what happened, could somebody help me? look like there is problem with redirection in login page. am i right? Does the direct url work fine? Without knowing the set-up we can only guess. Quote
0 chanx-young Posted March 6, 2015 Author Report Posted March 6, 2015 hello. i try to edit app/controllers/clien_login.php /** * Confirm password reset */ public function confirmReset() { $this->uses(array("Clients")); // Verify parameters if (!isset($this->get['sid'])) $this->redirect($this->base_uri . "login/"); $params = array(); $temp = explode("|", $this->Clients->systemDecrypt($this->get['sid'])); //print_r($temp); //if (count($temp) <= 1) // $this->redirect($this->base_uri . "login/"); foreach ($temp as $field) { $field = explode("=", $field, 2); $params[$field[0]] = $field[1]; } // Verify reset has not expired //if ($params['t'] < strtotime("-" . Configure::get("Blesta.reset_password_ttl"))) //$this->redirect($this->base_uri . "login/"); // Verify hash matches //if ($params['h'] != substr($this->Clients->systemHash('u=' . $params['u'] . '|t=' . $params['t']), -16)) //$this->redirect($this->base_uri . "login/"); // Attempt to update the user's password and log in if (!empty($this->post)) { $client = $this->Clients->getByUserId($params['u']); $user = $this->Users->get($params['u']); if ($user && $client && $client->status == "active") { // Update the user's password $this->Users->edit($params['u'], $this->post); if (!($errors = $this->Users->errors())) { $this->post['username'] = $user->username; $this->post['password'] = $this->post['new_password']; $this->post['ip_address'] = (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ""); // Attempt to log user in $this->Users->login($this->Session, $this->post); $this->forwardPostAuth(); } else $this->setMessage("error", $errors); } } } i comment out 3 verification : 1. if (count($temp) <= 1) 2. Verify reset has not expired 3. Verify hash matches and the pages go to ask for new password like it should have. wonder what is sid content. try to print_r($temp) but just [Array ( [0] => ) do that mean the sid is not valid? or it can't be decrypt? Quote
0 skywerx Posted March 6, 2015 Report Posted March 6, 2015 I had a similar issue. Make sure your company settings are correct. In my case it had to include the www. Even though the domain is setup to point with or without www the hostname of the server and the setup in Blesta in my case are www and it would not work without it. In the email template if you are using SSL then make sure it says https:// and not http:// or it will not work correctly Michael 1 Quote
0 chanx-young Posted March 6, 2015 Author Report Posted March 6, 2015 I had a similar issue. Make sure your company settings are correct. In my case it had to include the www. Even though the domain is setup to point with or without www the hostname of the server and the setup in Blesta in my case are www and it would not work without it. In the email template if you are using SSL then make sure it says https:// and not http:// or it will not work correctly Thank you very much, you saved my day. And you're right, i have redirect all call to my website to www so i have to set hostname to www.domain.com and in email template i have to edit link(not just the shown text) to https:// maybe suggestion to developer to make this setting easier. thanks Quote
Question
chanx-young
hello, i've update blesta to 3.4.2 but when my client request password reset, he receive the password reset mail with the password reset link inside. but when he click on that link, the page go to login page not the password reset page.
anything i should check?
thank you
13 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.