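--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -2283,11 +2283,25 @@ function check_password_reset_key($key, $login) {
 $wp_hasher = new PasswordHash( 8, true );
 }
 
-if ( $wp_hasher->CheckPassword( $key, $row->user_activation_key ) )
+$expire_time = apply_filters( 'password_reset_expiration', '24 hours' );
+
+if ( strpos( $row->user_activation_key, ':' ) !== false ) {
+list( $pass_exp, $pass_key ) = explode( ':', $row->user_activation_key, 2 );
+} else {
+$pass_key = '';
+$pass_exp = 0;
+}
+
+if ( time() > strtotime( $expire_time, $pass_exp ) ) {
+return new WP_Error( 'expired_key', __( 'Your password reset token has expired.' ) );
+}
+
+if ( $wp_hasher->CheckPassword( $key, $pass_key ) ) {
 return get_userdata( $row->ID );
+}
 
 if ( $key === $row->user_activation_key ) {
-$return = new WP_Error( 'expired_key', __( 'Invalid key' ) );
+$return = new WP_Error( 'expired_key', __( 'Your password reset token has expired.' ) );
 $user_id = $row->ID;
 
 /**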
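Review bot: The expiry test at new line 2295 runs before `CheckPassword( $key, $pass_key )` at 2299, so a caller who presents any key at all is told `expired_key` whenever the stored value is stale or has no `:` (the `else` branch sets `$pass_exp = 0`, which is always past the default '24 hours'). That answer is given without the caller having shown it knows the token; moving the `time() > strtotime( … )` test inside the `CheckPassword` branch means only a holder of the right key learns the token's age. `$pass_exp` also reaches `strtotime()` as the raw string from `explode()`, and a non-numeric prefix is handled differently across PHP versions; `strtotime( $expire_time, (int) $pass_exp )` makes it fall back to 0. With the early return in place, the `$key === $row->user_activation_key` branch at 2303 looks unreachable for stored values without a `:`, but the function begins and continues outside this hunk, so that is inferred rather than visible.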
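--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -363,7 +363,7 @@ function retrieve_password() {
 require_once ABSPATH . WPINC . '/class-phpass.php';
 $wp_hasher = new PasswordHash( 8, true );
 }
-$hashed = $wp_hasher->HashPassword( $key );
+$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
 $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
 
 $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
@@ -531,7 +531,7 @@ case 'retrievepassword' :
 if ( 'invalidkey' == $_GET['error'] )
 $errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) );
 elseif ( 'expiredkey' == $_GET['error'] )
-$errors->add( 'expiredkey', __( 'Sorry, that key has expired. Please try again.' ) );
+$errors->add( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.' ) );
 }
 
 $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';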
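Review bot: The value written at new line 366 changes from a bare hash to `<request time>:<hash>`, and nothing at the write site records that format, although check_password_reset_key() in user.php now depends on the first `:` being the separator. A comment above the assignment would pin the contract, for example `// Stored as "<unix request time>:<phpass hash>"; check_password_reset_key() splits on the first ':'.` The stored string is also about eleven characters longer than before, so it is worth confirming that the `user_activation_key` column has room for it, since a truncated hash would make every reset key fail verification. The column definition is not visible in this diff, and retrieve_password() starts and continues outside the hunk.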