WordPress.org

Make WordPress Core

Ticket #2870: wp-login.php.diff

File wp-login.php.diff, 5.0 KB (added by darkfate, 8 years ago)

allow user to reset password with one form, updated: took out second mail with password

  • wp-login.php

     
    5151        window.onload = focusit; 
    5252        </script> 
    5353        <style type="text/css"> 
    54         #user_login, #email, #submit { 
     54        #user_login, #new_pass, #email, #submit { 
    5555                font-size: 1.7em; 
    5656        } 
    5757        </style> 
     
    5959<body> 
    6060<div id="login"> 
    6161<h1><a href="http://wordpress.org/">WordPress</a></h1> 
    62 <p><?php _e('Please enter your information here. We will send you a new password.') ?></p> 
     62<p><?php _e('Please enter your information here. We will send you a link to activate your new password.') ?></p> 
    6363<?php 
    6464if ($error) 
    6565        echo "<div id='login_error'>$error</div>"; 
     
    7070<input type="hidden" name="action" value="retrievepassword" /> 
    7171<label><?php _e('Username:') ?><br /> 
    7272<input type="text" name="user_login" id="user_login" value="" size="20" tabindex="1" /></label></p> 
     73<p><label><?php _e('New Password:') ?><br /> 
     74<input type="password" name="new_pass" id="new_pass" value="" size="20" tabindex="2" /></label><br /> 
     75</p> 
    7376<p><label><?php _e('E-mail:') ?><br /> 
    74 <input type="text" name="email" id="email" value="" size="25" tabindex="2" /></label><br /> 
     77<input type="text" name="email" id="email" value="" size="25" tabindex="3" /></label><br /> 
    7578</p> 
    76 <p class="submit"><input type="submit" name="submit" id="submit" value="<?php _e('Retrieve Password'); ?> &raquo;" tabindex="3" /></p> 
     79<p class="submit"><input type="submit" name="submit" id="submit" value="<?php _e('Retrieve Password'); ?> &raquo;" tabindex="4" /></p> 
    7780</form> 
    7881<ul> 
    7982        <li><a href="<?php bloginfo('home'); ?>/" title="<?php _e('Are you lost?') ?>">&laquo; <?php _e('Back to blog') ?></a></li> 
     
    8992break; 
    9093 
    9194case 'retrievepassword': 
     95    $new_pass = $_POST['new_pass']; 
    9296        $user_data = get_userdatabylogin($_POST['user_login']); 
    9397        // redefining user_login ensures we return the right case in the email 
    9498        $user_login = $user_data->user_login; 
     
    107111        $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; 
    108112        $message .= get_option('siteurl') . "\r\n\r\n"; 
    109113        $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; 
    110         $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n"; 
    111         $message .= get_settings('siteurl') . "/wp-login.php?action=resetpass&key=$key\r\n"; 
     114        $message .= __('To set your new password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n"; 
     115        $message .= get_settings('siteurl') . "/wp-login.php?action=resetpass&new_pass=$new_pass&key=$key\r\n"; 
    112116 
    113117        $m = wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_settings('blogname')), $message); 
    114118 
     
    117121         echo  __('Possible reason: your host may have disabled the mail() function...') . "</p>"; 
    118122                die(); 
    119123        } else { 
    120                 echo '<p>' .  sprintf(__("The e-mail was sent successfully to %s's e-mail address."), $user_login) . '<br />'; 
    121                 echo  "<a href='wp-login.php' title='" . __('Check your e-mail first, of course') . "'>" . __('Click here to login!') . '</a></p>'; 
     124                echo '<p>' .  sprintf(__("The e-mail was sent successfully to %s's e-mail address to active new password."), $user_login) . '<br />'; 
    122125                die(); 
    123126        } 
    124127 
     
    135138                die( __('Sorry, that key does not appear to be valid.') ); 
    136139 
    137140        do_action('password_reset'); 
    138  
    139         $new_pass = substr( md5( uniqid( microtime() ) ), 0, 7); 
     141         
     142        $new_pass = stripslashes($_GET['new_pass']); 
    140143        $wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$new_pass'), user_activation_key = '' WHERE user_login = '$user->user_login'"); 
    141144        wp_cache_delete($user->ID, 'users'); 
    142145        wp_cache_delete($user->user_login, 'userlogins');        
    143         $message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n"; 
    144         $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n"; 
    145         $message .= get_settings('siteurl') . "/wp-login.php\r\n"; 
    146  
    147         $m = wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_settings('blogname')), $message); 
    148  
    149         if ($m == false) { 
    150                 echo '<p>' . __('The e-mail could not be sent.') . "<br />\n"; 
    151                 echo  __('Possible reason: your host may have disabled the mail() function...') . '</p>'; 
    152                 die(); 
    153         } else { 
    154                 echo '<p>' .  sprintf(__('Your new password is in the mail.'), $user_login) . '<br />'; 
    155         echo  "<a href='wp-login.php' title='" . __('Check your e-mail first, of course') . "'>" . __('Click here to login!') . '</a></p>'; 
     146         
     147                echo '<p>' .  sprintf(__('Your new password is %s'), $new_pass) . '<br />'; 
     148        echo  "<a href='wp-login.php' title='Login'>" . __('Click here to login!') . '</a></p>'; 
    156149                // send a copy of password change notification to the admin 
    157150                $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n"; 
    158151                wp_mail(get_settings('admin_email'), sprintf(__('[%s] Password Lost/Change'), get_settings('blogname')), $message); 
    159152                die(); 
    160         } 
     153         
    161154break; 
    162155 
    163156case 'login' :