projectnami icon indicating copy to clipboard operation
projectnami copied to clipboard
verified publisher icon ProjectNami

Lost Password Redirects to https://wp-login.php/?checkemail=confirm

Open readej opened this issue 6 years ago • 9 comments

Submitting a valid email / username on this page: https://www.example.com/wp-login.php?action=lostpassword Will send an email to the user, but will redirect the user to https://wp-login.php/?checkemail=confirm

Seems to be losing the hostname of the server. This only happens on our production server in Azure, it does not happen on locally run IIS. I'll provide more details later in a follow-up to this.

Just wanted to see if anyone else was experiencing the same issue.

readej avatar Oct 09 '19 15:10 readej

Is this a single or multisite install?

patrickebates avatar Oct 09 '19 15:10 patrickebates

Single site.

readej avatar Oct 09 '19 17:10 readej

Grasping at straws a bit, but in your wp-config.php is DOMAIN_CURRENT_SITE defined?

If not, might try adding this line define('DOMAIN_CURRENT_SITE', 'www.example.com');

patrickebates avatar Oct 09 '19 17:10 patrickebates

Sorry I made a mistake in my initial report of this problem. I stated that the error did not happen on local IIS. However, that is not true. I'm getting the same problem on the local version as well. It was just that locally it was not allowed to send email and was instead giving the error "The email could not be sent. Possible reason: your host may have disabled the mail() function."

I'm testing more to figure out if I can narrow down when it does not get the hostname. So far I have tried putting in the wp-config.php definitions for DOMAIN_CURRENT_SITE, WP_HOME, WP_SITEURL I have also deactivate all plugins except one; https://wordpress.org/plugins/wp-mail-smtp/ which is needed to allow emailing the lost password and not getting the above error.

Thank you for your help. Are you able to replicate this issue?

readej avatar Oct 09 '19 20:10 readej

Narrowed this down to line 1402 in wp-includes\pluggable.php

$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );

dirname on windows returns \ which makes the redirect location /\/wp-login.php?checkemail=confirm which then takes the user to https://wp-login.php/?checkemail=confirm

readej avatar Oct 10 '19 18:10 readej

This will end up being a bug in WP Core. I'm looking at that line in 5.2.3 and it appears identical.

patrickebates avatar Oct 10 '19 18:10 patrickebates

This is my resolution for this issue:

add_filter( 'lostpassword_redirect', 'new_lostpassword_redirect' );

function new_lostpassword_redirect( $lostpassword_redirect ) {
   return '/wp-login.php?checkemail=confirm';
}

readej avatar Oct 10 '19 21:10 readej

Thank you. I was getting this exact problem and your resolution fixed it for us too.

Tessachu avatar Nov 08 '19 18:11 Tessachu

I want to point out that if you're experiencing this bug, you're probably also getting the same issue when logging out since it'll redirect you to https://wp-login.php?loggedout=true

I fixed that issue with this snippet:

add_action( 'wp_logout', 'new_loggout_redirect' );
function new_loggout_redirect() {
    wp_safe_redirect( '/wp-login.php/?loggedout=true' );
    exit;
}

Tessachu avatar Nov 11 '19 19:11 Tessachu