Forums | Mahara Community

Developers /
Password recovery issue in April 2015

Shen Zhang's profile picture
Posts: 72

06 July 2015, 10:14 AM


I'm testing the April 2015 version. I did a fresh install of the version on our testing server. When testing the password recovery function under "Lost username / password", it displayed the page shown below after I've put in the username:


What it should be displaying is a message below, which is displayed on our current live server:


I did a testing on the demo site (, and it gives me the same message as what is on our testing server for April 2015 version. 

Has anyone noticed this? Can this be a bug for April 2015 version?

Kind regards,


Robert Lyon's profile picture
Posts: 380

06 July 2015, 10:20 AM

Hi Shen,

This sounds like this bug where the forgotpass.php page is not checking the correct $SESSION instance.

The fix for this is here (if using version 15.04):

Let me know if that fixes your issue or not



Aaron Wells's profile picture
Posts: 896

06 July 2015, 11:55 AM

We should probably get that 15.04.2 release out pretty soon. The broken password reset bug is pretty high priority.



Shen Zhang's profile picture
Posts: 72

07 July 2015, 7:50 AM

Thanks Robert and Aaron. That's very helpful.


Kind regards,


Jawyei Wong's profile picture
Posts: 16

07 July 2015, 10:45 AM

Hi Aaron,

When we tried it on our server running php version 5.4.16 on Redhat 7.1, we get a blank page and the the error

PHP Fatal error:  Can't use method return value in write context in /var/www/html/mahara/forgotpass.php on line 21, referer:

Line 21 is:

if (!empty($SESSION->get('pwchangerequested'))) {

Looking into the issue I found which basically says on empty() needs to access value by reference (in order to check whether that reference points to something that exists), and PHP before 5.5 didn't support references to temporary values returned from functions. Following what they suggested I changed line 21 to:

if ($SESSION->get('pwchangerequested')) {

Which if the answer in stackoverflow is correct should be the same as it was previously. After doing that no error is given and the page renders. Would this be the correct change for people that get that error?


Robert Lyon's profile picture
Posts: 380

08 July 2015, 1:04 PM

Hi Jawyei,

I've filed a bug report for this:

And added your fix suggestion to the reviews system:



6 results