Password Reset Not Working

I am getting an increasing number of members who are unable to login after changing password via Forgot Password. When entering the system generated password from the email, access is denied.  This is also the case when changing the password via admin.

Having searched the forum I found an old post from Deano on resetting the Admin password which he said would work for any user if you knew the member ID. The process is:

In phpMyAdmin run the following MySQL queries.

UPDATE `Profiles` SET `Salt` = CONV(FLOOR(RAND()*99999999999999), 10, 36) WHERE `ID`='xxxxx';

UPDATE `Profiles` SET `Password` = SHA1(CONCAT(md5('New Admin Password'), `Salt`)) WHERE `ID`='xxxxx';

Now Delete user1.php from the cache folder on the server. (This step is important.)

This works fine but only if the member Role is set to 3 - Admin. If the role set to 1 - User, password is not recognised when logging in.

I have tried changing the user role to 3, running the above SQL, deleting cache and then setting role back to 1 but with no luck.

Other options I have tried included

Replacing memeber.php to a clean version (not that mine had be altered)

Turning off all caching

This issue does not exist for all users so I'm a bit at a loss.

Any ideas guys?

I have noticed that the html emails seem to include asterisks around the password; or at least that was the case in the older versions.  I would edit the html email template to make sure that the password is displayed cleanly without any additional stuff around it; I think this confuses people.  If they are getting access denied, it is because the user ID, Email address, or the user name; all can be used to log in, is not correct and/or the password they entered is not correct.  They also need to check case as passwords are case sensitive.

However, I suggest you buy this module and replace the current password forgot.  I did and most of my users password forgot woes went away.  One of the better things you can do and not expensive.

https://www.boonex.com/m/advanced-password-forgot

Hello Steve!

I've answered you on the support about access details. For now, I may suggest that possible you need to restore the original forgot.php, inc/admin.inc.php and inc/profiles.inc.php. Maybe something wrong is there, but need to be sure, that's why I need an access.

Thanks Geek, appreciated :)

However, I don't think my advanced password forgot will solve this issue. Most likely the site is on some blacklist and the Dolphin Antispam Tools receives a positive.

I don't know which external service sends the positive, so disable the Antispam Tools feature and see if that solves your login issue. If so, check all the external services it calls until you find the one that is causing the issue and only disable that service until you're off the blacklist.