0

I'm busy fixing some webshops that suffered from the invalid customer.xml issue that came with the SUPEE 6788 security patch. I'm down to my last one, however, everything in my customer.xml is (probably) in the right place.

Whenever Magento sends me a mail with my password reset link and I click on it, I get a 404 error straight from the server (so not from within Magento). Normally, Magento parses the given URL (which is like this; http://yoursite.com/customer/account/resetpassword/id=[id]&token=[token] ) to http://yoursite.com/customer/account/changeforgotten.

Navigating manually to account/changeforgotten doesn't work because of the missing session token and user id, but it does return my form, which indicates my customer.xml is probably fine.

Does anybody know where Magento parses this URL, and how to fix it? Or is something else going on?

Some insight or advice would be great :)

TIA

(edit; this is the xml issue i'm talking about; SUPEE 6788 and Password Reset (blank page))

Community
  • 1
  • 1
Fabian Tjoe A On
  • 1,383
  • 5
  • 18
  • 41

1 Answers1

1

404 page - can you clarify if the 404 page is coming from magento or is it just a 404 with a white background ?

when you visit http://yoursite.com/customer/account/resetpassword.....

the request will goto app/code/core/Mage/Customer/controllers/AccountController.php

public function resetPasswordAction()

You can try modifying this function to see if the request is coming here, and then debug further.. Note - If you have any custom module installed for login, it should have possibly overiden the AccountController , then in this case you should try debugging the AccountController of that module

Aamir
  • 326
  • 2
  • 8
  • The 404 page has a white background, I already mentioned its from the server. Thanks for your input, I'll check out what this function does :) – Fabian Tjoe A On Feb 25 '16 at 14:47
  • oh sorry ,if its from server it could be a different problem...some module disabled, is the customer able to login and visit account dashboard ?? – Aamir Feb 25 '16 at 14:51
  • Ah no problem, yep, the user is able to login and visit the dashboard (seeing the latest orders etc.), it's just the reset password link that doesn't parse.. – Fabian Tjoe A On Feb 25 '16 at 15:14
  • In that case please check if there is any module overiding AccountController and in that controller see if a function like resetPasswordAction() exists.. – Aamir Feb 25 '16 at 15:23