• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Forwarded to devs password forgot link not alway copies correct

Linulex

Linulex

Silver Pleskian
TITLE:
password forgot link not alway copies correct
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx Version 17.8.11 Update #28, and possible all other plesk vesions
all os'es, all systems, etc... this is a plesk issue and is indepentent from os
PROBLEM DESCRIPTION:
When using the password forgot link, a mail is send to the customer, so far so good. When this the code has a % in it, it is not always copied correct and the average customer never heard of ascii code.

for example

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q%3D

changed to

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q=

because %3D is the ascii code for =

And for the average customer, "IT" doesn't work, and he gets frustrated.

regards
Jan​
STEPS TO REPRODUCE:
send a forgot email, keep sending it till a code sequence is that of a raw ascii sign

for example

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q%3D​
ACTUAL RESULT:
when clicked it is changed into this and the user gets an error that the secret code is not correct

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q=​
EXPECTED RESULT:
secret must be

iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q%3D​
ANY ADDITIONAL INFORMATION:
Maybe some warning in the e-mail that it would be possible the the code have to be copied manual if it doesn't work.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Help with sorting out
 
additional info:

copying the link in the field does not work: it keeps saying: wrong secret code.
 
Questions from developer:

1. Is user able to change a password? If yes, what is the problem?
2. There is no bug here. The secret in the example is URL encoded, so, when it is decoded, %3D has been changed with = – it is absolutely correct.
 
I guess the user uses some sort of webmail.
Can he open the mail as plain text, copy such URL and past it into the browser location bar?
 
At the moment the user can not do this anymore because i have reset his password for him via plesk.

But as i reported: that doesnt work.

Linulex said:
additional info:

copying the link in the field does not work: it keeps saying: wrong secret code.
Click to expand...

regards
Jan
 
You must log in or register to reply here.

Similar threads

V
Resolved Roundcube config.local.php not read
Replies
3
Views
784
Visnet
V
E
Issue Extension Amazon S3 Backup / error remote storage
Replies
2
Views
1K
Erwan
E
serreri
Possible problem with password recovery with incorrect email
Replies
1
Views
706
Kaspar@Plesk
Kaspar@Plesk
P
Forwarded to devs Event 'CP User Login' triggered despite invalid additional authentication step (MFA)
Replies
2
Views
1K
Kaspar@Plesk
Kaspar@Plesk
K
Forwarded to devs User name of account owner always used in password reset email of other users
Replies
1
Views
1K
IgorG
IgorG
Back
Top