Ticket #32429: 32429.6.diff

File 32429.6.diff, 2.2 KB (added by MikeHansenMe, 6 years ago)
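--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -2458,11 +2458,27 @@
                 $wp_hasher = new PasswordHash( 8, true );
         }
 
-        if ( $wp_hasher->CheckPassword( $key, $row->user_activation_key ) )
+        $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS );
+
+        if ( false !== strpos( $row->user_activation_key, ':' ) ) {
+                list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 );
+        } else {
+                $pass_key = '';
+                $pass_request_time = 0;
+        }
+
+        $expiration_time = $expiration_duration + $pass_request_time;
+
+        if ( time() > $expiration_time ) {
+                return new WP_Error( 'expired_key', __( 'Your password reset token has expired.' ) );
+        }
+
+        if ( $wp_hasher->CheckPassword( $key, $pass_key ) ) {
                 return get_userdata( $row->ID );
+        }
 
         if ( $key === $row->user_activation_key ) {
-                $return = new WP_Error( 'expired_key', __( 'Invalid key' ) );
+                $return = new WP_Error( 'expired_key', __( 'Your password reset token has expired.' ) );
                 $user_id = $row->ID;
 
                 /**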
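Review bot: The expiry test at new line 2472 runs before `CheckPassword( $key, $pass_key )` at 2476, so the function returns `expired_key` for any expired row without the caller having presented a matching key. A stored value with no ':' gets `$pass_request_time = 0`, always takes that early return, and so appears never to reach the `$key === $row->user_activation_key` branch below it. I would compute `$hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );` first and gate the early return with `if ( $hash_is_correct && time() > $expiration_time )`, letting mismatches fall through to the code below the hunk. `$pass_request_time` also comes out of `explode()` as an unvalidated string, so an `(int)` cast before the addition is worth adding. The enclosing function starts and ends outside this hunk.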
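--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -363,7 +363,7 @@
                 require_once ABSPATH . WPINC . '/class-phpass.php';
                 $wp_hasher = new PasswordHash( 8, true );
         }
-        $hashed = $wp_hasher->HashPassword( $key );
+        $hashed = time() . ':' . $wp_hasher->HashPassword( $key );
         $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
 
         $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
@@ -531,7 +531,7 @@
                 if ( 'invalidkey' == $_GET['error'] )
                         $errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) );
                 elseif ( 'expiredkey' == $_GET['error'] )
-                        $errors->add( 'expiredkey', __( 'Sorry, that key has expired. Please try again.' ) );
+                        $errors->add( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.' ) );
         }
 
         $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';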
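Review bot: The value written at new line 366 changes to `time() . ':' . $wp_hasher->HashPassword( $key )`, but nothing at the write site documents that format, while the reader in src/wp-includes/user.php depends on splitting at the first ':'. A comment such as `// Stored as "<unix timestamp>:<phpass hash>"; the reset-key check splits on the first ':' to enforce expiry.` would tie the two together. Any other writer of `user_activation_key` that is not on this page and omits the prefix would have its keys reported as expired by that reader, so those call sites are worth checking in the same change.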