Ticket #32429: 32429.5.diff

File 32429.5.diff, 2.2 KB (added by voldemortensen, 6 years ago)
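--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -2458,11 +2458,25 @@
                 $wp_hasher = new PasswordHash( 8, true );
         }
 
-        if ( $wp_hasher->CheckPassword( $key, $row->user_activation_key ) )
+        $expire_time = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS );
+
+        if ( strpos( $row->user_activation_key, ':' ) !== false ) {
+                list( $pass_exp, $pass_key ) = explode( ':', $row->user_activation_key, 2 );
+        } else {
+                $pass_key = '';
+                $pass_exp = 0;
+        }
+
+        if ( time() > strtotime( $expire_time, $pass_exp ) ) {
+                return new WP_Error( 'expired_key', __( 'Your password reset token has expired.' ) );
+        }
+
+        if ( $wp_hasher->CheckPassword( $key, $pass_key ) ) {
                 return get_userdata( $row->ID );
+        }
 
         if ( $key === $row->user_activation_key ) {
-                $return = new WP_Error( 'expired_key', __( 'Invalid key' ) );
+                $return = new WP_Error( 'expired_key', __( 'Your password reset token has expired.' ) );
                 $user_id = $row->ID;
 
                 /**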
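Review bot: The expiry test `strtotime( $expire_time, $pass_exp )` passes the filter result, which defaults to the integer `DAY_IN_SECONDS`, as strtotime()'s date string, so the result is not `$pass_exp` plus the lifetime and may be `false`; as far as the hunk shows, that makes the comparison unreliable for every key. Plain arithmetic on validated integers is safer: `$expiration = (int) $pass_exp + (int) $expire_time;` followed by `if ( time() > $expiration ) {`. The expiry check also runs before `CheckPassword()`, so a request with a wrong key is told the token has expired without proving knowledge of it; verifying the hash first and only then testing expiry avoids disclosing that state. Keys stored without a `:` get `$pass_exp = 0` and are always reported as expired, which deserves a one-line comment such as `// Legacy keys carry no timestamp and are treated as expired.` The enclosing function starts and ends outside the hunk.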
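--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -363,7 +363,7 @@
                 require_once ABSPATH . WPINC . '/class-phpass.php';
                 $wp_hasher = new PasswordHash( 8, true );
         }
-        $hashed = $wp_hasher->HashPassword( $key );
+        $hashed = time() . ':' . $wp_hasher->HashPassword( $key );
         $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
 
         $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
@@ -531,7 +531,7 @@
                 if ( 'invalidkey' == $_GET['error'] )
                         $errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) );
                 elseif ( 'expiredkey' == $_GET['error'] )
-                        $errors->add( 'expiredkey', __( 'Sorry, that key has expired. Please try again.' ) );
+                        $errors->add( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.' ) );
         }
 
         $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';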
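Review bot: The value written by `$hashed = time() . ':' . $wp_hasher->HashPassword( $key );` defines a storage format that the parser in src/wp-includes/user.php depends on, but nothing at this assignment documents it. A comment above it would keep the two sides in sync, e.g. `// Stored as "<request timestamp>:<phpass hash>"; the reset-key check splits on the first ':'.` The prefix lengthens the stored value by about eleven characters, so confirm that the `user_activation_key` column (its width is not visible here) still holds the full hash without truncation. The `$wpdb->update()` return value on the following context line is not checked, so a failed write would presumably still send a mail whose key can never validate. The enclosing code starts and ends outside both hunks.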