Password Reset Process Just Going Round In Circles

When a customer clicks the Forgot Password? button, they get taken to a page that asks for their email address.

They put this in and receive an email with a link to reset password.

When they click the link - its just takes them back to the Forgot Your Password? page - it doesn't actually take them to a form to enter a new password.

Any ideas?

BUMP

Is your site running full ssl?

I can only think that the link is non-ssl and the page requires ssl (or the reverse).

The sites running full SSL and the reset link is also secured.

https://www.digitalsave.co.uk/index.php?dispatch=auth.recover_passwordetcetcetc

Any other ideas? This is becoming a big problem now

Can only suggest you look at it via your browser inspector's "network" tab and follow the redirects/responses.

https://forum.cs-cart.com/tracker/issue-7296-password-recovery-failing/

Anyone got a fix for this? The post from The Tool doesn't seem to work (makes my recovery page have no email input box) as I can only assume because the fix is for something newer than the version 4.3.1 I am using. When the customer inputs their email it just loops back to the same page stating:

Error The username you have entered does not match any account in our store. Please make sure you have entered the correct username and try again.

I know the email is correct as I have tested myself. And obviously no email is sent since it is stating it doesn't exist. I switched the site to full SSL several months ago. This is the first I have heard of the issue but that is not to say it hasn't been an issue this entire time.

Update: My problem appears to be with hotmail email accounts. My test email that didn't work is @hotmail.com based. And the original customer that told me about the issue was @hotmail.ca. Support can't replicate the issue with their email. I got it to reset my password using a non-hotmail account just as it should. Can anyone confirm by testing their site using a hotmail email? Since Microsoft owns hotmail I am wondering if it happens across the board with @msn.com, @outlook.com or any other MS email accounts.

We've had some of the same problems with gmail accounts inconsistently.

Jack

I guess it is a known bug that was fixed in later versions. CS provided me with some code changes to fix it but it was a LOT of lines of code that had to be changed in several different files.

I have version 4.9.2 and I'm still having this problem. Just had two people with hotmail accounts contact me this weekend.

Can admins change the user PW? I can see it and change it, but it doesn't seem to stick when saved... 4.5.2 store.

Jack

Can admins change the user PW? I can see it and change it, but it doesn't seem to stick when saved... 4.5.2 store.

Jack

yes, works for me

Same issue here. really disappointed this has not been fixed for so many updates.

Recently upgraded and STILL seeing this issue when trying to do a password recovery for myself. Edit: This issue was because I have an admin account and was able to fix using a non-admin account. Also have a customer telling me our site is sending them some code so they don't have to use a password but it isn't working. The problem is I can't even figure out how they are getting our site to send them a code.

Recently upgraded and STILL seeing this issue when trying to do a password recovery for myself. Edit: This issue was because I have an admin account and was able to fix using a non-admin account. Also have a customer telling me our site is sending them some code so they don't have to use a password but it isn't working. The problem is I can't even figure out how they are getting our site to send them a code.

https://forum.cs-cart.com/topic/61483-one-time-code-to-sign-in-instead-of-password/?fromsearch=1