WordPress.org

Make WordPress Core

Ticket #33209: 33209.2.diff

File 33209.2.diff, 3.8 KB (added by thomaswm, 5 years ago)

Backwards-compatible fix

  • wp-includes/ms-functions.php

     
    14461446You can log in to the administrator account with the following information:
    14471447
    14481448Username: USERNAME
    1449 Password: PASSWORD
    1450 Log in here: BLOG_URLwp-login.php
    14511449
     1450To set your password, visit the following address:
     1451<RESETPWLINK>
     1452
     1453After you have set your password, you can log in here:
     1454BLOG_URLwp-login.php
     1455
    14521456We hope you enjoy your new site. Thanks!
    14531457
    14541458--The Team @ SITE_NAME' );
     
    14611465        $welcome_email = str_replace( 'BLOG_TITLE', $title, $welcome_email );
    14621466        $welcome_email = str_replace( 'BLOG_URL', $url, $welcome_email );
    14631467        $welcome_email = str_replace( 'USERNAME', $user->user_login, $welcome_email );
    1464         $welcome_email = str_replace( 'PASSWORD', $password, $welcome_email );
     1468       
     1469        if ( false !== strpos( $welcome_email, 'PASSWORD' ) ) { // Email password to user
     1470                $welcome_email = str_replace( 'PASSWORD', $password, $welcome_email );
     1471        } else { // Don't email the password; send a password reset link instead
     1472       
     1473                // Generate something random for a password reset key.
     1474                $key = wp_generate_password( 20, false );
    14651475
     1476                /** This action is documented in wp-login.php */
     1477                do_action( 'retrieve_password_key', $user->user_login, $key );
     1478
     1479                // Now insert the key, hashed, into the DB.
     1480                if ( empty( $wp_hasher ) ) {
     1481                        require_once ABSPATH . WPINC . '/class-phpass.php';
     1482                        $wp_hasher = new PasswordHash( 8, true );
     1483                }
     1484                $hashed = time() . ':' . $wp_hasher->HashPassword( $key );
     1485                $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user->user_login ) );
     1486
     1487                $resetpwlink = get_site_url( $blog_id, "wp-login.php?action=rp&key=$key&login=" . rawurlencode($user->user_login), 'login' );
     1488                $welcome_email = str_replace( 'RESETPWLINK', $resetpwlink, $welcome_email );
     1489        }
     1490       
     1491
    14661492        /**
    14671493         * Filter the content of the welcome email after site activation.
    14681494         *
     
    15531579        $welcome_email = apply_filters( 'update_welcome_user_email', $welcome_email, $user_id, $password, $meta );
    15541580        $welcome_email = str_replace( 'SITE_NAME', $current_site->site_name, $welcome_email );
    15551581        $welcome_email = str_replace( 'USERNAME', $user->user_login, $welcome_email );
    1556         $welcome_email = str_replace( 'PASSWORD', $password, $welcome_email );
    15571582        $welcome_email = str_replace( 'LOGINLINK', wp_login_url(), $welcome_email );
     1583       
     1584        if ( false !== strpos( $welcome_email, 'PASSWORD' ) ) { // Email password to user
     1585                $welcome_email = str_replace( 'PASSWORD', $password, $welcome_email );
     1586        } else { // Don't email the password; send a password reset link instead
     1587       
     1588                // Generate something random for a password reset key.
     1589                $key = wp_generate_password( 20, false );
    15581590
     1591                /** This action is documented in wp-login.php */
     1592                do_action( 'retrieve_password_key', $user->user_login, $key );
     1593
     1594                // Now insert the key, hashed, into the DB.
     1595                if ( empty( $wp_hasher ) ) {
     1596                        require_once ABSPATH . WPINC . '/class-phpass.php';
     1597                        $wp_hasher = new PasswordHash( 8, true );
     1598                }
     1599                $hashed = time() . ':' . $wp_hasher->HashPassword( $key );
     1600                $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user->user_login ) );
     1601
     1602                $resetpwlink = network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode($user->user_login), 'login' );
     1603                $welcome_email = str_replace( 'RESETPWLINK', $resetpwlink, $welcome_email );
     1604        }
     1605
    15591606        $admin_email = get_site_option( 'admin_email' );
    15601607
    15611608        if ( $admin_email == '' )
     
    21212168
    21222169You can log in with the following information:
    21232170Username: USERNAME
    2124 Password: PASSWORD
     2171
     2172To set your password, visit the following address:
     2173<RESETPWLINK>
     2174
     2175After you have set your password, you can log in here:
    21252176LOGINLINK
    21262177
    21272178Thanks!