- This topic has 8 replies, 4 voices, and was last updated 6 years, 7 months ago by
.
-
Posts
-
Hi,
I’m using the newest Version of the Plugin and have an issue with the user’s profile page. The password can’t be changed / updated! All other fields are stored successfully in the database, but the password remains the same.
If two different passwords are entered, the forms marks this as invalid correctly. But as soon as the same password is entered twice, I’m logged out as it should be (together with the info, that this is normal on changing the password) but on the next login I can’t use the new password, I’ve to use the old one again.
I’ve enabled debug-logging, but no relevant messages appear.
Has anybody encountered this issue???
I’ve also checked, that the correct values are posted, and yes, everything is included in the post-body.
Okay, so I investigated the code, and this is, in my opinion an an least very interesting bug? Why did nobody recognised this before?
On checking if the user has entered a new password (class.swpm-front-registration.php:274), you call wp_logout() BEFORE calling the update statement on the database. But wp_logout() cancels the execution of any following code as it seems.
`if (isset($member_info[‘plain_password’])) {
//Password was also changed so show the appropriate message
$msg_str = ‘<div class=”swpm-profile-update-success”>’ . SwpmUtils::_(‘Profile updated successfully. You will need to re-login since you changed your password.’) . ‘</div>’;
$message = array(‘succeeded’ => true, ‘message’ => $msg_str);
unset($member_info[‘plain_password’]);
wp_logout(); //Log the user out from the WP user session also.
SwpmLog::log_simple_debug(“Member has updated the password from profile edit page. Logging the user out so he can re-login using the new password.”, true);
}$wpdb->update($wpdb->prefix . “swpm_members_tbl”, $member_info, array(‘member_id’ => $auth->get(‘member_id’)));
$auth->reload_user_data();
}I can verify this, because any other input is lost too, if a new password is entered.
I’ve moved the call to logout to the end of the function by storing a bool value inside the if statement, if logout should be called, and now everything is working as expected. Now heading to github to create a merge request.
Hi, can you carry out the following troubleshooting test.
Also make sure your login and or registration pages are not cached by your site or your server if it has a caching system set up.
Kind regards
Thank you. I have applied a fix for this. The github repository has the updated code already. After some more testing, we will update the wp.org repository also.
Hello,
I’m experiencing this same issue.
One of my users have tried to change the password through the Simple Membership profile, and when signs out and she tries to sign in again, it says that the user doesn’t exist.
I have modified her password through her WP user, and I have been able to sign in. However, I have changed again the password from the frontend, as if I was her, and again, it’s not possible.
Where in Github can I download the updated plugin?
Thanks,
MartaThe latest version is here:
https://github.com/wp-insider/simple-membershipWhat you explained isn’t the same issue as before though (your one looks different).
Hi @admin
Yes it is exactly the same issue. Maybe I explained it in a different way, but the following statament is what I’m experiencing as well.
The password can’t be changed / updated! All other fields are stored successfully in the database, but the password remains the same.
If two different passwords are entered, the forms marks this as invalid correctly. But as soon as the same password is entered twice, I’m logged out as it should be (together with the info, that this is normal on changing the password) but on the next login I can’t use the new password, I’ve to use the old one again.
So, as soon as someone tries to change their password through your, or any other, password form on the front-end, when they try the new password, it says something like “password field incorrect or empty”.
If I modify it from the back-end as an administrator, it works, and user can use their new password provided by me. But that’s not a good practise.
I have the latest version, which I see it’s 3.8.8 both in WP repository and github.
Please help!
- You must be logged in to reply to this topic.