Hi.
Users are unable to reset their passwords.
They are using the “Forgot your password?” link. The reset e-mail is delivered ok, but the link doesn’t works:
“Sorry, the link you clicked on has expired or is not valid. Please try resetting your password again.”
In config.inc.php:
reset_seconds = 7200
They are using the reset link inside this 2h valid time.
I can’t find in what database table the validation hash is storage.
Can someone please help me?
Regards,
Tarcisio Pereira
Hi @Tarcisio_Pereira,
The password reset hash isn’t stored in the database – it’s generated from the username, old password hash, last login time, and possibly expiry time.
If you’re never seeing it accepted, it might be that your salt
setting in the [security]
section of config.inc.php
is too short (or not specified). Make sure you’ve provided a long enough string.
Regards,
Alec Smecher
Public Knowledge Project Team
Hi @asmecher
The salt is specified, I double checked.
I’m using sha1 and the salt length is 35 characters long.
Best,
Tarcisio Pereia