Unable to reset password - OJS with postgres


Users are unable to reset their passwords.
They are using the “Forgot your password?” link. The reset e-mail is delivered ok, but the link doesn’t works:
“Sorry, the link you clicked on has expired or is not valid. Please try resetting your password again.”
In config.inc.php:
reset_seconds = 7200
They are using the reset link inside this 2h valid time.

I can’t find in what database table the validation hash is storage.

Can someone please help me?

Tarcisio Pereira

Hi @Tarcisio_Pereira,

The password reset hash isn’t stored in the database – it’s generated from the username, old password hash, last login time, and possibly expiry time.

If you’re never seeing it accepted, it might be that your salt setting in the [security] section of config.inc.php is too short (or not specified). Make sure you’ve provided a long enough string.

Alec Smecher
Public Knowledge Project Team

Hi @asmecher

The salt is specified, I double checked.
I’m using sha1 and the salt length is 35 characters long.

Tarcisio Pereia