Skip to content

Fail to reset password on wordpress sites, reset link appears to be invalid..

Hi @sven, I am developing a custom engine to create user accounts on wordpress blogs which requires the reset password process after the registration.

Every step works well except the process of resetting password, the page shows error - "reset link appears to be invalid", the script is blow:

-----

[setup]
enabled=1
default checked=0

engine type=CS POST
description=Submits an article and puts a link to your site.
dofollow=2
anchor text=1
creates own page=1
uses pages=0


page must have=http
search term=

add keyword to search=2
use blog search=0
extract keywords=0

posted domain check=1

skip ext links on=0
skip content on=0
skip url content on=0

keep subdomain=wordpress.com


[URL]
type=url 

[Anchor_Text]
type=text
alternate data=%spinfile-generic_anchor_text.dat%

[Article_Title]
type=text
allow html=0
must be filled=1
hint=capitalize each word.

[Article]
type=memo
allow html=1
html to bbs=0
must be filled=1
hint=The full article comes here.
auto modify=0
auto add anchor url=2
auto add anchor url content=%file-auto_anchor-article.dat%
custom mode=1
custom iframe format=" "
custom img format=" "

[Login]
type=login
must be filled=1
hint=The login for websites that need an account. Use numbers and letters only.
min length=8
static=1
upcase=0

[Password]
type=password
must be filled=1
hint=A password used for websites that need an account. Use numbers and letters only.
static=1

[Your E-Mail]
type=email
static=1


[full_name]
type=extract
default=%spinfile-names.dat% %spinfile-lnames.dat%
static=1



;---------------------------------------------------------------------------  
;the form variables and how to fill them
[REGISTER_STEP1]
page must have1=!Page not found
page must have2=!User registration is currently not allowed.
page must have3=!Registration has been disabled
page must have4=!The page you're looking for does not exists
oage must have5=!invitation_code

;=== 注册的form (不同站点用的ID/Name是不同的, 所以需要兼容最多)
form id=registerform|setupform|signup_form
form name=registerform*|signup_form|
form url=*/wp-login.php?action=register|*?action=register|*/register/|*wp-signup*|*wp-login.php*|action="*/register/"

;At the end of each STEP* the resulting webpage content is checked first against “submit success” and than against “submit failed”. And if one is matching the submission is either set as successful or failed. The text is not case sensitive and multiple items can be added with |.
submit success=Registration complete|Sign Up Complete!|You have successfully created your account!|To begin using this site you will need to activate your account via the email we have just sent to your address.|/members/%login%/|/members-2/%login%|>Log Out<|/my-profile/">My Profile<|egistro completado!|Rejestracja (krok 2 z 3)|Registration complete. You may now log in.|Comprueba tu correo para activar tu cuenta|Hai creato con successo il tuo account

;注册失败的识别
submit failed=Sorry, that email address is already used!|You have been flagged on our security grid as a spammer.|Your request has triggered our Spam filter|Failed Security Verification|<div class="error">This is a required field</div>|Internal Server Error|Wrong CAPTCHA|Sorry, please answer the question again|Banned by WangGuard|That CAPTCHA was incorrect.|Sorry, that email address is not allowed!|<div class="error">|<div id="message" class="error">|<div id="login_error">|Error establishing a database connection|Not Acceptable!|This site is protected by the Stop Spammer Registrations Plugin.|Wrong invite code|ERROR: Couldn抰 register you?please contact the webmaster|inurl:registration=disabled|Error establishing a database connection|Service Unavailable


;After a successful registration we would normally wait till an verification email arrives to continue with login and submission. However some platforms might allow you to login without this or log you in already. In that case it would be a waste of time to wait for a email from them so we continue to login and submit the content.
submit success skip verify=>Profile<

;captcha识别失败
captcha failed=Wrong CAPTCHA|That CAPTCHA was incorrect.

;必须邮件验证过后才能进行下一步登录操作
try to continue without verification=0

;再次尝试注册
submit failed retry=Error establishing a database connection|Sorry, that email address is already used

verify submission=1
verify by=email
verify interval=60
verify timeout=700
; ==== 修改过, 默认为5分钟, 为了调试方便, 调整成1分钟
first verify=1
;1 = if a submission is not detected as successful or failed it will still be taken as successful (appearing in log with “unknown submission status”)
verify on unknown status=1

set unknown variable=%leave%
variable must be used=your e-mail

;== 用户名字段
user_login=%login%
user_name=%login%
signup_username=%login%

;== 用户email字段
user_email=%your e-mail%
signup_email=%your e-mail%

;== password(有部分站点需要)
signup_password=%password%
signup_password_confirm=%password%

first_name=Jack
last_name=fu
disp_name=jack fu


captcha_code=%captcha%
field_1=%full_name%
signup_with_blog=1
bph_field=%question%
signup_blog_privacy=public
signup_blog_url=%login%
signup_blog_title=%article_title%
bprwg_groups[]=1
tos_agree=1
*coupon_code=%leave%
*Sex*=%random_option%
*Location*=%columnspinfile-address_data.dat-1% (%columnspinfile-address_data.dat-2%)
*country*=%columnspinfile-address_data.dat-1%
*city*=%columnspinfile-address_data.dat-3%
*town*=%columnspinfile-address_data.dat-3%
*street*=%columnspinfile-address_data.dat-5%
*Hobbies*=%spinfile-hobbies.dat%
*Languages*=English {German|Frensh|Spainish|Russian|||}
*Gender*=1|F|Female|%random_option%
*Languages*=English|%random_option%
*Relationship*=single|%random_option%
*Religion*=none|%random_option%
*day*=%random_option%
*month*=%random_option%
*year*=%random_option%
*phone*=%columnspinfile-address_data.dat-6%
*mail*=%your e-mail%
*Agree*=1
*Quotes that inspire*=%leave%
*Websites*=%leave%
*About me*=%file-about_yourself.dat%
Description=%file-about_yourself.dat%
What is *?=%question%
*Owners Name*=%spinfile-names.dat% %spinfile-lnames.dat%
*I have read*=1

security_question_answer=%question%
captcha_answer=%captcha%
wangguardquestansw=%question%

signup_blog_title=%login%
SpamCode=%captcha%
mc-value=%question%

;field_*=%random_option%

*Gender*=%random_option%
*Age*=%random-18-40%|%random_option%

Female=1
Male=0

field_1_visibility=public
*visibility*=public
;===============
;注册页面元素"id="signup_submit"可能被JS处理过, 手动增加到Form字段中
add fixed data=signup_submit=Complete Sign Up
add fixed data condition=id="signup_submit"


[LOGIN_STEP1]
just download=1
;修改过, 默认登录成功的条件首先匹配的是字符串"wp-login.php?action=logout"
submit success=wp-login.php?action=logout|>Log Out<|/my-profile/">My Profile<|>log out<|>logout<|*?action=logout*|/members/%login%/|/members-2/%login%
submit failed=This site is protected by the Stop Spammer Registrations Plugin.|Incorrect username or password.|Your account has not been activated. Check your email for the activation link.|You do not have sufficient permissions to access this page|invalid username|the password you entered for the username|this ip range has been blocked due to too many recent failed login attempts|confirmation pending. see registration e-mail|captcha was incorrect|Error establishing a database connection|The solution of task you submitted was incorrect.|Your login email address or password was not correct, please try again.|<div id='login_error'><strong>|<form name="loginform" id="loginform" action="wp-login.php" method="post">|Error establishing a database connection|Nom d'utilisateur ou mot de passe incorrect.|Podano niepoprawny login lub|<div id="message" class="error">|<div id="login_error">
;">Log in</a>|
;==登录失败重试的条件
submit failed retry=Error establishing a database connection|Wrong CAPTCHA|That CAPTCHA was incorrect|Security code do not match.
verify on unknown status=1


[LOGIN_STEP2]
;====重置密码的form
form name=resetpassform
form id=resetpassform
form url=*/wp-login.php?action=resetpass
;====密码字段
pass1=%password%
pass2=%password%


;==== 登录第三步, 打开登录页面
[LOGIN_STEP3]
find url=%targethost%*/wp-login.php|%targethost%*/login
find link=Log in|iniciar sesión|login
alternative url=/wp-login.php
just download=1

; ==== 登录第四步, 提交登录页面
[LOGIN_STEP4]
; ==== 登录页面的字段
log=%login%
pwd=%password%
rememberme=1
cptch_number=%question% Password<br />;<p class="
captcha_code=%captcha% securimage_show.php
;登录页面的form
form name=loginform
form id=loginform
form url=*/wp-login.php

----


I have PMed you the target URL and test email.
Could you please advise how to make it work?
Thanks in advance.

Comments

  • SvenSven www.GSA-Online.de
    edited May 2019
    you need to change :
      verify by=email
    into:
      verify by=extractemail
    see details in drupal script.
  • Thanks for your answer, @sven.
    I have modified the script as below:
    --

    [setup]
    enabled=1
    default checked=0

    engine type=CS POST
    description=Submits an article and puts a link to your site.
    dofollow=2
    anchor text=1
    creates own page=1
    uses pages=0


    page must have=http
    search term=

    add keyword to search=2
    use blog search=0
    extract keywords=0

    posted domain check=1

    skip ext links on=0
    skip content on=0
    skip url content on=0

    keep subdomain=wordpress.com
    ;===表明Password Reset URL是从email中提取
    extract from email=pw_reset_link


    [URL]
    type=url 

    [Anchor_Text]
    type=text
    alternate data=%spinfile-generic_anchor_text.dat%

    [Article_Title]
    type=text
    allow html=0
    must be filled=1
    hint=capitalize each word.

    [Article]
    type=memo
    allow html=1
    html to bbs=0
    must be filled=1
    hint=The full article comes here.
    auto modify=0
    auto add anchor url=2
    auto add anchor url content=%file-auto_anchor-article.dat%
    custom mode=1
    custom iframe format=" "
    custom img format=" "

    [Login]
    type=login
    must be filled=1
    hint=The login for websites that need an account. Use numbers and letters only.
    min length=8
    static=1
    upcase=0

    [Password]
    type=password
    must be filled=1
    hint=A password used for websites that need an account. Use numbers and letters only.
    static=1

    [Your E-Mail]
    type=email
    static=1


    [full_name]
    type=extract
    default=%spinfile-names.dat% %spinfile-lnames.dat%
    static=1

    ;=== 从email中提取的password reset link
    [pw_reset_link]
    type=extract
    find url=*action=rp*
    default=/action=rp
    static=2

    ;---------------------------------------------------------------------------  
    ;the form variables and how to fill them
    [REGISTER_STEP1]
    page must have1=!Page not found
    page must have2=!User registration is currently not allowed.
    page must have3=!Registration has been disabled
    page must have4=!The page you're looking for does not exists
    oage must have5=!invitation_code

    ;=== 注册的form (不同站点用的ID/Name是不同的, 所以需要兼容最多)
    form id=registerform|setupform|signup_form
    form name=registerform*|signup_form|
    form url=*/wp-login.php?action=register|*?action=register|*/register/|*wp-signup*|*wp-login.php*|action="*/register/"

    ;At the end of each STEP* the resulting webpage content is checked first against “submit success” and than against “submit failed”. And if one is matching the submission is either set as successful or failed. The text is not case sensitive and multiple items can be added with |.
    submit success=Registration complete|Sign Up Complete!|You have successfully created your account!|To begin using this site you will need to activate your account via the email we have just sent to your address.|/members/%login%/|/members-2/%login%|>Log Out<|/my-profile/">My Profile<|egistro completado!|Rejestracja (krok 2 z 3)|Registration complete. You may now log in.|Comprueba tu correo para activar tu cuenta|Hai creato con successo il tuo account

    ;注册失败的识别
    submit failed=Sorry, that email address is already used!|You have been flagged on our security grid as a spammer.|Your request has triggered our Spam filter|Failed Security Verification|<div class="error">This is a required field</div>|Internal Server Error|Wrong CAPTCHA|Sorry, please answer the question again|Banned by WangGuard|That CAPTCHA was incorrect.|Sorry, that email address is not allowed!|<div class="error">|<div id="message" class="error">|<div id="login_error">|Error establishing a database connection|Not Acceptable!|This site is protected by the Stop Spammer Registrations Plugin.|Wrong invite code|ERROR: Couldn抰 register you?please contact the webmaster|inurl:registration=disabled|Error establishing a database connection|Service Unavailable


    ;After a successful registration we would normally wait till an verification email arrives to continue with login and submission. However some platforms might allow you to login without this or log you in already. In that case it would be a waste of time to wait for a email from them so we continue to login and submit the content.
    submit success skip verify=>Profile<

    ;captcha识别失败
    captcha failed=Wrong CAPTCHA|That CAPTCHA was incorrect.

    ;必须邮件验证过后才能进行下一步登录操作
    try to continue without verification=0

    ;再次尝试注册
    submit failed retry=Error establishing a database connection|Sorry, that email address is already used

    verify submission=1
    ; === 需要从email中提取密码重置的URL
    verify by=extractemail
    verify interval=60
    verify timeout=700
    ; ==== 修改过, 默认为5分钟, 为了调试方便, 调整成1分钟
    first verify=1
    ;1 = if a submission is not detected as successful or failed it will still be taken as successful (appearing in log with “unknown submission status”)
    verify on unknown status=1

    set unknown variable=%leave%
    variable must be used=your e-mail

    ;== 用户名字段
    user_login=%login%
    user_name=%login%
    signup_username=%login%

    ;== 用户email字段
    user_email=%your e-mail%
    signup_email=%your e-mail%

    ;== password(有部分站点需要)
    signup_password=%password%
    signup_password_confirm=%password%

    first_name=%spinfile-names.dat%
    last_name=%spinfile-lnames.dat%
    disp_name=%spinfile-names.dat% %spinfile-lnames.dat%


    captcha_code=%captcha%
    field_1=%full_name%
    signup_with_blog=1
    bph_field=%question%
    signup_blog_privacy=public
    signup_blog_url=%login%
    signup_blog_title=%article_title%
    bprwg_groups[]=1
    tos_agree=1
    *coupon_code=%leave%
    *Sex*=%random_option%
    *Location*=%columnspinfile-address_data.dat-1% (%columnspinfile-address_data.dat-2%)
    *country*=%columnspinfile-address_data.dat-1%
    *city*=%columnspinfile-address_data.dat-3%
    *town*=%columnspinfile-address_data.dat-3%
    *street*=%columnspinfile-address_data.dat-5%
    *Hobbies*=%spinfile-hobbies.dat%
    *Languages*=English {German|Frensh|Spainish|Russian|||}
    *Gender*=1|F|Female|%random_option%
    *Languages*=English|%random_option%
    *Relationship*=single|%random_option%
    *Religion*=none|%random_option%
    *day*=%random_option%
    *month*=%random_option%
    *year*=%random_option%
    *phone*=%columnspinfile-address_data.dat-6%
    *mail*=%your e-mail%
    *Agree*=1
    *Quotes that inspire*=%leave%
    *Websites*=%leave%
    *About me*=%file-about_yourself.dat%
    Description=%file-about_yourself.dat%
    What is *?=%question%
    *Owners Name*=%spinfile-names.dat% %spinfile-lnames.dat%
    *I have read*=1

    security_question_answer=%question%
    captcha_answer=%captcha%
    wangguardquestansw=%question%

    signup_blog_title=%login%
    SpamCode=%captcha%
    mc-value=%question%

    ;field_*=%random_option%

    *Gender*=%random_option%
    *Age*=%random-18-40%|%random_option%

    Female=1
    Male=0

    field_1_visibility=public
    *visibility*=public
    ;===============
    ;注册页面元素"id="signup_submit"可能被JS处理过, 手动增加到Form字段中
    add fixed data=signup_submit=Complete Sign Up
    add fixed data condition=id="signup_submit"

    ;第一步, 重置密码
    [LOGIN_STEP1]

    ;把所有注册页面的URL写进文件
    write file="d:\test_pw_reset.txt" "%pw_reset_link%\n"

    modify url=%pw_reset_link%
    encode post data=0
    just download=1


    ;修改过, 默认登录成功的条件首先匹配的是字符串"wp-login.php?action=logout"
    submit success=wp-login.php?action=logout|>Log Out<|/my-profile/">My Profile<|>log out<|>logout<|*?action=logout*|/members/%login%/|/members-2/%login%
    submit failed=This site is protected by the Stop Spammer Registrations Plugin.|Incorrect username or password.|Your account has not been activated. Check your email for the activation link.|You do not have sufficient permissions to access this page|invalid username|the password you entered for the username|this ip range has been blocked due to too many recent failed login attempts|confirmation pending. see registration e-mail|captcha was incorrect|Error establishing a database connection|The solution of task you submitted was incorrect.|Your login email address or password was not correct, please try again.|<div id='login_error'><strong>|<form name="loginform" id="loginform" action="wp-login.php" method="post">|Error establishing a database connection|Nom d'utilisateur ou mot de passe incorrect.|Podano niepoprawny login lub|<div id="message" class="error">|<div id="login_error">
    ;">Log in</a>|
    ;==登录失败重试的条件
    submit failed retry=Error establishing a database connection|Wrong CAPTCHA|That CAPTCHA was incorrect|Security code do not match.
    verify on unknown status=1

    ;=== 登录第一步先进行密码重置
    ;=== 密码重置页面 (第一步)
    [LOGIN_STEP2]

    ;====重置密码的form
    form name=resetpassform
    form id=resetpassform
    form url=*/wp-login.php?action=resetpass
    ;====密码字段
    pass1=%password%
    pass2=%password%


    ;==== 登录第三步, 打开登录页面
    [LOGIN_STEP3]
    find url=%targethost%*/wp-login.php|%targethost%*/login
    find link=Log in|iniciar sesión|login
    alternative url=/wp-login.php
    just download=1

    ; ==== 登录第四步, 提交登录页面
    [LOGIN_STEP4]
    ; ==== 登录页面的字段
    log=%login%
    pwd=%password%
    rememberme=1
    cptch_number=%question% Password<br />;<p class="
    captcha_code=%captcha% securimage_show.php
    ;登录页面的form
    form name=loginform
    form id=loginform
    form url=*/wp-login.php

    -----------

    Still doesn't work, the reset password URL was extracted successfully, I have saved it to a test file and checked.
     
  • See the debug log in SER:


    The page I opened in "login_step1":

  • SvenSven www.GSA-Online.de
    edited May 2019
    When the link is extracted, you should not open it, the only one having to open it is SER.
  • >When the link is extracted, you should not open it, the only one having to open it is SER.
    I don't understand, I didn't open the link, but it shows "failed" in the [login_step1], that's why I manually open the download page and see what happened..

    I referred to the Drupal engine, and can't find anything wrong in my script, could you please point it to me? I really apppreciate that, I have been stuck with the problem for many days.

  • SvenSven www.GSA-Online.de
    actually I don't see anything being wrong without live debugging it. Is that script final and do you have a test site for me?
  • SvenSven www.GSA-Online.de
    you sent me details in pm...just saw it and will check.
  • Dear @sven, I am still waiting for a solution, really appreciate your time and help.
  • SvenSven www.GSA-Online.de
    as written in pm...I debugged this and the link received by email works but for some reason always gives an error when opening. Right now I have no solution to this problem but will try to debug this after free-days (free in Germany till end of Week).
  • Thanks so much! I just PMed you a couple of more sample sites, just in case you want to test..
  • Hi @sven, have you had time on debugging the issue yet?
  • SvenSven www.GSA-Online.de
    still on my list (or open tabs of issues to go though).
  • I will look forward to the update, thanks in advance.
  • Any update on the issue? @sven
  • SvenSven www.GSA-Online.de
    sorry, we have holidays here in Germany, I will back in office tomorrow where I hopefully find the time to work on it.
  • Oh, didn't know that, hope you enjoy your holiday.
  • I really hate to push you too hard, however, I really need to get this issue resolved since it's the common issue for two custom engines...
  • andrzejekandrzejek Polska
    edited June 2019
    I just encountered this bug, i think its due to cookie not being set by GSA SER. All info submitted to Sven.
  • SvenSven www.GSA-Online.de
    yep this was really a helpful analysis @andrzejek ...saw it instantly in the logs as well.

    Thanks to both of you for helping finding this...it's fixed in latest update (13.66).
Sign In or Register to comment.