link for password forgotten for customer

[Kebyr]

Hi,

 

I have installed 2.3.3

 

When the customer forget the password and try to recover, the email is sent with the link.

 

The problem is when the customer made click in the link, this does not work. Is sent back to password_forgotten.php and appears this note:

 

Error: The E-Mail Address was not found in our records, please try again.

 

What can I do?

[wigsonline]

Hi Keybr,

 

I know it has been a while since you posted this however I hope this helps.

 

 

I had the same problem recently and spent a day tinkering with it all before I found the problem/fix.

 

In my case I have installed a security module (http://addons.oscommerce.com/info/5752) from FWR media that cleanses pages from special characters that can be used by hackers.

 

In my case the security contribution was stripping the %40 from the email address in the reset link, so the email was being read as namedomain.com rather than name@@Domain.com- hence the error "Error: The E-Mail Address was not found in our records, please try again".

 

(%40 is the conversion for the character @ - you can see this if you look at the reset link closely)

 

I simply added an exclusion for the password_reset.php file to this contribution and it works perfectly.

 

I dont believe that this compromises the security as password_reset.php is not accessible unless you include a valid, current users email address and the reset key for that user/email.

 

So Check if you have installed any contributions that cleanse strings just check them and either add the % sign to the allowed characters or the password_reset.php file to the list of exclusions - Method will depend on how the contribution is coded/works.

 

P.S I was upgrading form 2.3.1 to 2.3.2, however the contribution is still valid and has been released for V2.3.3 (http://addons.oscommerce.com/info/7708)

 

 

HTH :thumbsup: