I have a new 1.10.1 installation. I had an issue whereby Agents testing the system forgot their passwords then we unable to reset ("Unable to reset password. Contact your administrator"). The logs showed they had logged in when I setup the accounts but not again.
I think what happened is when they got the initial link to set the password, instead of clicking "Save/Update" they clicked "Reset" (which I believe is to clear the form, perhaps "Clear" would be better terminology to use here to avoid confusion since you are "Resetting your password").
This resulted in a password never being set so the scp/pwreset.php class then rejects the subsequent password reset requested since no password exists.
I changed the code to:
case 'sendmail':
if (($staff=Staff::lookup($_POST['userid']))) {
// KK 09/05/2019
/**if (!$staff->hasPassword()) {
$msg = __('Unable to reset password. Contact your administrator');
}
elseif (!$staff->sendResetEmail()) {
$tpl = 'pwreset.sent.php';
}*/
if (!$staff->sendResetEmail()) {
$tpl = 'pwreset.sent.php';
}
}
I am not sure the need for checking if the staff member has a password already when resetting? Regardless, I saw a number of posts with users having this kind of issue, pretty sure they have having the same issue.