We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Password reset code invalid [to test] | Forum

dave Leader
dave Jun 21 '13

Had a member tell me today that they reset their PW and immediately did the link and got this instead.


Unfortunately you reset code is invalid or expired. Please follow the link and try to reset it again.


Its my fault for not testing this part of the script as i expected it would work, i assumed when i prob should not have.  Maybe i missed a setting someplace.


Here i thought my members that i purged last week were not trying to log on  but in reality they may have because im sure they got this as well, which means that i purged them in error...


Anyone know a place to set this value or what to do about this issue.  


well first issue is its not writing to the table, the table is empty.

The Forum post is edited by Alia Jun 24 '13
dave Leader
dave Jun 21 '13

Update:  it does post to DB table but it does not stay there very long, it is on there seems like less than a few min at most. So how to fix this?


 So again this issue cost me 200 members on one site and over 100 members on another site that i purged, and im rather upset about it.


I will be eating alot of crow on this one trying to get those members back.  



Another UPDATE:  I set the expire time to 1 day and  this time i copied the code right out of the db and still gave me invalid code.  And did it last one day, nope in side of a couple of min or as soon as i attempted to use the code it was gone. 


Does this process delete the db table entry once an attempt is made?


No looks like the cron is clearing the table every couple of min in which i have to find and stop. it should not do that...  its not even paying attention to the timestamp i set one for next week and it still removed it.  


Any help would be appreciated.. Where does this remove the entries from the user_reset_password table?

I thought it might be the deleteExpiredEntities function but i dont think it is. 


i think i found it in the cron php file it was set for 10 i just changed it to 60 i will test.  which brings up the question why are we setting an expire timestamp on the row if the system will remove all entries in a matter of min when ever we set that.    the timestamp on the row means nothing in this case.

The Forum post is edited by dave Jun 21 '13
dave Leader
dave Jun 21 '13

I think i have it fixed i will report what i did here shortly after some testing.


ok here is what i did


in the  ow_system_plugins/base/bol/user_service.php


find the function getNewResetPassword


 //changed to exp in 1hr
        $resetPassword->setExpirationTimeStamp(( time() + 3600));
                                                                                    // 1 hour

        // original code commented out
        // $resetPassword->setExpirationTimeStamp(( time() + 24 * 3600));


and then in ow_system_plugins/base/cron.php


$this->addJob('deleteExpiredPasswordResetCodes', 3600); // changed to 3600 = 1 hr, original value was 10 which i believe was 10 sec not minutes.


And now it works..


Daisy can you confirm this for me please thanks... :)  but i just tested and it does work.  But just please confirm that the attribute for that is in sec not minutes.. 


 thanks. :) 



The Forum post is edited by dave Jun 23 '13
Joseph Simon
Joseph Simon Jun 23 '13
dave check this thread  http://www.oxwall.org/forum/topic/11589
dave Leader
dave Jun 23 '13

thanks funny i did a search for awhile to find what i needed and none of those came up.  But your link was the beginning of a trail from one link to the next that led me to here


which is the only one that really addressed the issue at all and but sadly only half the issue.


The real issue is the cron, regardless what you set the expire timestamp to the cron will delete them all when it is run.  Example during my testing i set up a dummy record thru the insert option in the db to expire next friday.  And guess what, when the cron ran it was gone.


So that is why in my instructions it says to change both, the service php and also the cron php as well.  If you dont your just chasing your tail.


This is another value that should be set dynamically either thru the config file as a define or from the admin area in settings allowing us to choose how long we would like them to last.

The Forum post is edited by dave Jun 23 '13
Alia Team
Alia Jun 24 '13

>>in the  ow_system_plugins/base/bol/user_service.php

 3600 was in seconds.

>>$this->addJob('deleteExpiredPasswordResetCodes', 3600);
here "10" was in minutes, not seconds.

What you did in cron.php file in fact doesn't really do anything, other then deleting junk/unneeded data from database ( deletes expires passwords) and this could not have solved your issue.

I am checking/reproducing your issue right now ( checking how database behaves). Will keep you posted.

dave Leader
dave Jun 24 '13

Thanks :)

The Forum post is edited by dave Jun 24 '13
dave Leader
dave Jun 27 '13
Aliia any results on testing at your end :)
Kumi Festus
Kumi Festus Jun 29 '13
I was looking for a way to prolong the duration for password reset code, because I aslo had the problem of "reset code has expired". I looked through  the forum like many others. I found a solution to extend the time limit for the reset code which I did, then links Like sign in and sign out broke completely.

When try to log in, the link is broken. Can not connect to the main site. When I close that window and open a new one and enter the web address, it takes me into the site central signed in. When I sign out of the site, the links breaks until I close that window and open a new one. At this time, when I enter the web address again, I find that I am signed out. How do I fix this problem?
Alia Team
Alia Jul 2 '13
Dave, have not finished testing yet.

Kumi, let's continue our discussion regarding your issue in your other topic.
Kumi Festus
Kumi Festus Jan 19 '14
Any solution so far for the password reset code validity?
This is turning users away.

I just discovered that many users to my site are turned away due to their inability to reset their passwords.

When they try, the response is : unfortunately your code is invalid, you need to reset again.
MarkieMark67 Jan 19 '14

I had the same problem here is what I did to correct it.


At line 104

$example->andFieldGreaterThan(self::EXPIRATION_TS, time());

to this

$example->andFieldGreaterThan(self::EXPIRATION_TS, time() + 3600);

3600 = 1hr

Kumi Festus
Kumi Festus Jan 19 '14
Thanks dear, it's good now.
Jobee Bendijo
Jobee Bendijo Apr 13 '14
Yep, this worked for me too.
tammy harris
tammy harris Apr 14 '14
dave i posted a fix for this problem long time ago here

the language file for the sent email needs changing as well so works in all email accounts 
ie  yahoo, hotmail etc
The Forum post is edited by tammy harris Apr 14 '14
Freyer Dec 3 '16

The easiest way to solve this issue is to go to your phpmyadmin and edit the following table:


The value that needs to be edited is 


Set this value to 1225115 or whatever you desire, this value is the time in seconds that the code needs to be remembered

dave Leader
dave Dec 3 '16
wow this was like 4 years ago... :0)