Ticket #32429: 32429.6.diff
File 32429.6.diff, 2.2 KB (added by , 10 years ago) |
---|
-
src/wp-includes/user.php
2458 2458 $wp_hasher = new PasswordHash( 8, true ); 2459 2459 } 2460 2460 2461 if ( $wp_hasher->CheckPassword( $key, $row->user_activation_key ) ) 2461 $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS ); 2462 2463 if ( false !== strpos( $row->user_activation_key, ':' ) ) { 2464 list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 ); 2465 } else { 2466 $pass_key = ''; 2467 $pass_request_time = 0; 2468 } 2469 2470 $expiration_time = $expiration_duration + $pass_request_time; 2471 2472 if ( time() > $expiration_time ) { 2473 return new WP_Error( 'expired_key', __( 'Your password reset token has expired.' ) ); 2474 } 2475 2476 if ( $wp_hasher->CheckPassword( $key, $pass_key ) ) { 2462 2477 return get_userdata( $row->ID ); 2478 } 2463 2479 2464 2480 if ( $key === $row->user_activation_key ) { 2465 $return = new WP_Error( 'expired_key', __( ' Invalid key' ) );2481 $return = new WP_Error( 'expired_key', __( 'Your password reset token has expired.' ) ); 2466 2482 $user_id = $row->ID; 2467 2483 2468 2484 /** -
src/wp-login.php
363 363 require_once ABSPATH . WPINC . '/class-phpass.php'; 364 364 $wp_hasher = new PasswordHash( 8, true ); 365 365 } 366 $hashed = $wp_hasher->HashPassword( $key );366 $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); 367 367 $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) ); 368 368 369 369 $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; … … 531 531 if ( 'invalidkey' == $_GET['error'] ) 532 532 $errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) ); 533 533 elseif ( 'expiredkey' == $_GET['error'] ) 534 $errors->add( 'expiredkey', __( ' Sorry, that key has expired. Please try again.' ) );534 $errors->add( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.' ) ); 535 535 } 536 536 537 537 $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';