Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.I can't understand why, but some of newly created account on my website can't access to the forgot password reset link.
If I use the version 7.34 of the file user.module, all my users can reset their password. If I use 7.36, some of them can't.
What is strange is that it's not everyone... I can't find difference between the account that can't and those who can.
I have tried to create a new account with the same role and it works for this one.
I have updated all my modules and drupal core.
People who can't use the reset password link just get redirected to the page that says the link has already been used. Get another one... It happens everytime they try to reset their password.
I have analyzed my traffic on apache and the link is not working when it is opened for the first time.
Currently everything is 7.36, but my user.module file is 7.34.
Thanks.
Comments
Comment #1
santerref CreditAttribution: santerref commentedComment #2
santerref CreditAttribution: santerref commentedComment #3
David_Rothstein CreditAttribution: David_Rothstein at Tag1 Consulting commentedSee https://www.drupal.org/drupal-7.35-release-notes and https://www.drupal.org/node/2455005 - do you have any contrib modules installed that would be affected by that?
It sounds like you might have some user accounts on the system for which it is not possible to securely generate a one-time-login link using the old method, so for those particular users the system won't let them do it (until the contrib module is updated to change its code to the new method).
Assuming this is the problem, you could look in the site's logs for PHP warnings about missing arguments to the user_pass_rehash() function to help track down what code is causing this.
Comment #4
JKingsnorth CreditAttribution: JKingsnorth commentedLet us know how you get on with this advice =]