Page 1 of 1
[SOLVED] - Password reset code is invalid or was used previously!
Posted: Mon Jul 29, 2019 9:42 pm
by mattys
I have recently upgraded to oC 3.0.2.0.
Each time someone now tries to use forgotten password, they are successfully emailed a link click to change password, but after clicking link in email, they are sent to a page which says:
Password reset code is invalid or was used previously!
I can only think that is because is a past customer, and some conflict is arising.
The 'code' column is in the customer table, but was wondering that there might be another column missing.
any help appreciated.
Thanks
Matt
Re: Password reset code is invalid or was used previously!
Posted: Tue Jul 30, 2019 3:53 pm
by mattys
I am n longer receiving 'Password reset code is invalid or was used previously!' alert after fixes carried suggested on this page
viewtopic.php?t=160272, and associated page, by editing catalog/model/account/customer.php and changing this bit of code:
Code: Select all
// public function editPassword($email, $password) {
// $this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
// }
to this:
Code: Select all
public function editPassword($customer_id, $password) {
$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE customer_id = '" . (int)$customer_id . "'");
}
However, once password is updated, its says updated successfully, but actually, not updated at all and can still use old password to log in.
Re: Password reset code is invalid or was used previously!
Posted: Tue Jul 30, 2019 4:47 pm
by mattys
Ok, for anyone doing an upgrade from OC 2 to 3.0.2.0, and you have a problem with customers not being able to set up a new password, i followed instructions for OC 2 on these pages:
viewtopic.php?t=160272
viewtopic.php?f=190&t=160186
The bit i missed which meant password looked like was updated, but in fact not (could still use old password to log in) was the edit on controller/account/reset.php:
Change:
Code: Select all
$this->model_account_customer->editPassword($customer_info['email'], $this->request->post['password']);
to:
$this->model_account_customer->editPassword($customer_info['customer_id'], $this->request->post['password']);
all working now
Re: Password reset code is invalid or was used previously!
Posted: Tue Jul 30, 2019 4:58 pm
by mattys
oh, forgot to say that this started with a missing column 'code' in customer table, add this column and make sure to set as type: varchar 40 and collation: utf8_general_ci
Re: Password reset code is invalid or was used previously!
Posted: Sat Jun 13, 2020 3:17 am
by lumit
Hi all,
I've solve the problem by removing las two characters in email code, there is added some "EI" string after the code. So I edit reset.php, changing
Code: Select all
$customer_info = $this->model_account_customer->getCustomerByCode($code);
by:
Code: Select all
$customer_info = $this->model_account_customer->getCustomerByCode(substr($code, 0, -2));
Regards!
Re: [SOLVED] - Password reset code is invalid or was used previously!
Posted: Sun Jun 14, 2020 3:37 am
by straightlight
The master branch has a bit different way to handle this. The solution has now been added in the pre-release versions.
Re: Password reset code is invalid or was used previously!
Posted: Fri Oct 09, 2020 9:42 pm
by answersun
mattys wrote: ↑Tue Jul 30, 2019 4:47 pm
Ok, for anyone doing an upgrade from OC 2 to 3.0.2.0, and you have a problem with customers not being able to set up a new password, i followed instructions for OC 2 on these pages:
viewtopic.php?t=160272
viewtopic.php?f=190&t=160186
The bit i missed which meant password looked like was updated, but in fact not (could still use old password to log in) was the edit on controller/account/reset.php:
Change:
Code: Select all
$this->model_account_customer->editPassword($customer_info['email'], $this->request->post['password']);
to:
$this->model_account_customer->editPassword($customer_info['customer_id'], $this->request->post['password']);
all working now
I made all the changes exactly as you mentioned, still getting "Password reset code is invalid or was used previously!" error.
Re: Password reset code is invalid or was used previously!
Posted: Fri Oct 09, 2020 9:54 pm
by answersun
lumit wrote: ↑Sat Jun 13, 2020 3:17 am
Hi all,
I've solve the problem by removing las two characters in email code, there is added some "EI" string after the code. So I edit reset.php, changing
Code: Select all
$customer_info = $this->model_account_customer->getCustomerByCode($code);
by:
Code: Select all
$customer_info = $this->model_account_customer->getCustomerByCode(substr($code, 0, -2));
Regards!
In my case, I had to remove the last 3 characters instead of 2, so weird.
Re: [SOLVED] - Password reset code is invalid or was used previously!
Posted: Tue Dec 15, 2020 3:59 am
by moshair
I got the same problem I found there is 'The' added to the link, I solved it by changing the file
Code: Select all
catalog\language\en-gb\mail\forgotten.php
to:
Code: Select all
<?php
// Text
$_['text_subject'] = '%s - Password reset request';
$_['text_greeting'] = 'A new password was requested for %s customer account.';
$_['text_change'] = "To reset your password click on the link below:\n\r";
$_['text_ip'] = "\n\r\n\rThe IP used to make this request was:";