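--- a/src/wp-admin/js/user-profile.js
+++ b/src/wp-admin/js/user-profile.js
@@ -278,7 +278,9 @@
 }
 
 function check_pass_strength() {
-var pass1 = $('#pass1').val(), strength;
+var pass1 = $('#pass1').val(),
+$passScore = $('#wp-reset-pass-score'),
+strength;
 
 $('#pass-strength-result').removeClass('short bad good strong');
 if ( ! pass1 ) {
@@ -307,6 +309,7 @@
 default:
 $('#pass-strength-result').addClass('short').html( pwsL10n['short'] );
 }
+$passScore.val( strength );
 }
 
 function showOrHideWeakPasswordCheckbox() {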
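Review bot: The hidden score field is written only by the added `$passScore.val( strength );` at the very end of check_pass_strength(), so any earlier exit from the function leaves the previous score in the form. The body of the `if ( ! pass1 )` branch is elided on this page; if it returns early, a score computed for an earlier input would still be posted. Resetting the field up front, for example `$passScore.val( '' );` right after the `removeClass(...)` line, avoids the stale value. A comment at the assignment such as `// Advisory only: computed in the browser, the server must not trust it.` would also document the trust boundary.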
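--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@@ -418,7 +418,7 @@ add_action( 'wp_split_shared_term_batch', '_wp_batch_split_terms' );
 // Email notifications.
 add_action( 'comment_post', 'wp_new_comment_notify_moderator' );
 add_action( 'comment_post', 'wp_new_comment_notify_postauthor' );
-add_action( 'after_password_reset', 'wp_password_change_notification' );
+add_action( 'after_password_reset', 'wp_password_change_notification', 10, 3 );
 add_action( 'register_new_user', 'wp_send_new_user_notifications' );
 add_action( 'edit_user_created_user', 'wp_send_new_user_notifications', 10, 2 );
 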
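Review bot: Raising the accepted-argument count to 3 hands the plaintext `$new_pass` to `wp_password_change_notification()` on every reset, yet the visible lines of that function in the pluggable.php section never read it. Because the function is pluggable, a site-specific replacement would start receiving the cleartext password too, which widens where the secret travels for no benefit. `do_action` passes arguments positionally, so the score cannot be forwarded without the password in between. A thin internal callback registered here that accepts all three arguments and calls `wp_password_change_notification( $user, null, $pass_score )` would keep the password out of the notifier.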
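--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1816,15 +1816,37 @@ if ( ! function_exists( 'wp_password_change_notification' ) ) :
 * Notify the blog admin of a user changing password, normally via email.
 *
 * @since 2.7.0
-*
-* @param WP_User $user User object.
+* @since x.x.x Adds the `$new_pass` input argument.
+* @since x.x.x Adds the `$pass_score` input argument.
+*
+* @param WP_User $user User object.
+* @param string $new_pass New password for the user in plaintext. Default null.
+* @param int $pass_score The password strength score for the new password. Expected values:
+* -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch)
+* Default null.
 */
-function wp_password_change_notification( $user ) {
+function wp_password_change_notification( $user, $new_pass = null, $pass_score = null ) {
 // send a copy of password change notification to the admin
 // but check to see if it's the admin whose password we're changing, and skip this
 if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
 /* translators: %s: user name */
 $message = sprintf( __( 'Password changed for user: %s' ), $user->user_login ) . "\r\n";
+
+$pass_score_labels = array(
+-1 => _x( 'Password strength unknown', 'password strength' ),
+0 => _x( 'Very weak', 'password strength' ), // Match the form notice seen by the user.
+1 => _x( 'Very weak', 'password strength' ),
+2 => _x( 'Weak', 'password strength' ),
+3 => _x( 'Medium', 'password strength' ),
+4 => _x( 'Strong', 'password strength' ),
+5 => _x( 'Mismatch', 'password mismatch' ),
+);
+
+if( isset( $pass_score_labels[ $pass_score ] ) ) {
+/* translators: %s: password strength */
+$message .= sprintf( __( 'Password strength: %s' ), $pass_score_labels[ $pass_score ] ) . "\r\n";
+}
+
 // The blogname option is escaped with esc_html on the way into the database in sanitize_option
 // we want to reverse this for the plain text arena of emails.
 $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );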
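Review bot: The new "Password strength" line in the admin email states as fact a value that, per the wp-login.php section of this patch, is read from the `wp-reset-pass-score` POST field filled in by browser JavaScript, so whoever submits the form decides what the administrator is told. An administrator who reads "Strong" may rely on it when the password actually set is weak. Either compute the score on the server or word the line so its origin is clear, for example `__( 'Password strength (as reported by the browser): %s' )`. The added `$new_pass` parameter is not used in the visible lines, and `if(` on the `isset` check lacks the space this function uses elsewhere (`if ( `). The function body continues past the end of this hunk.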
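--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -2360,20 +2360,28 @@ function check_password_reset_key( $key, $login ) {
 * Handles resetting the user's password.
 *
 * @since 2.5.0
+* @since x.x.x Adds the `$pass_score` input argument.
 *
-* @param WP_User $user The user
-* @param string $new_pass New password for the user in plaintext
+* @param WP_User $user The user.
+* @param string $new_pass New password for the user in plaintext.
+* @param int $pass_score The password strength score for the new password. Expected values:
+* -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch)
+* Default null.
 */
-function reset_password( $user, $new_pass ) {
+function reset_password( $user, $new_pass, $pass_score = null ) {
 /**
 * Fires before the user's password is reset.
 *
 * @since 1.5.0
+* @since x.x.x Introduces the `$pass_score` input argument.
 *
-* @param object $user The user.
-* @param string $new_pass New user password.
+* @param object $user The user.
+* @param string $new_pass New user password.
+* @param int $pass_score The password strength score for the new password. Expected values:
+* -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch)
+* Default null.
 */
-do_action( 'password_reset', $user, $new_pass );
+do_action( 'password_reset', $user, $new_pass, $pass_score );
 
 wp_set_password( $new_pass, $user->ID );
 update_user_option( $user->ID, 'default_password_nag', false, true );
@@ -2382,11 +2390,15 @@ function reset_password( $user, $new_pass ) {
 * Fires after the user's password is reset.
 *
 * @since 4.4.0
+* @since x.x.x Introduces the `$pass_score` input argument.
 *
-* @param WP_User $user The user.
-* @param string $new_pass New user password.
+* @param WP_User $user The user.
+* @param string $new_pass New user password.
+* @param int $pass_score The password strength score for the new password. Expected values:
+* -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch)
+* Default null.
 */
-do_action( 'after_password_reset', $user, $new_pass );
+do_action( 'after_password_reset', $user, $new_pass, $pass_score );
 }
 
 /**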
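Review bot: The three new docblocks type the score as `@param int $pass_score`, but the signature defaults it to `null` and wp-login.php passes `null` when the field is missing or out of range, so `@param int|null $pass_score` would match the code. `reset_password()` forwards whatever it is given to both hooks without a range check, so callers other than wp-login.php can hand listeners values outside -1..5. Either the docblock should say the value is client-reported and not validated here, or the function should normalise it, for example `$pass_score = ( is_int( $pass_score ) && $pass_score >= -1 && $pass_score <= 5 ) ? $pass_score : null;`. "Default null" on the two hook docblocks is also misleading, since hook parameters have no defaults.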
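--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -670,6 +670,19 @@ switch ( $action ) {
 }
 exit;
 }
+
+$pass_score = null;
+
+/**
+* Validate the input for the password strength score.
+*
+* Allowed values: -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch).
+*/
+if ( isset( $_POST['wp-reset-pass-score'] ) && is_numeric( $_POST['wp-reset-pass-score'] ) ) {
+if ( -1 <= (int) $_POST['wp-reset-pass-score'] && (int) $_POST['wp-reset-pass-score'] <= 5 ) {
+$pass_score = (int) $_POST['wp-reset-pass-score'];
+}
+}
 
 $errors = new WP_Error();
 
@@ -681,13 +694,20 @@ switch ( $action ) {
 * Fires before the password reset procedure is validated.
 *
 * @since 3.5.0
+* @since x.x.x Introduces the `$pass_score` input argument.
 *
-* @param object $errors WP Error object.
-* @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
+* @param object $errors WP Error object.
+* @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
+* @param int $pass_score The password strength score for the new password. Expected values:
+* -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch)
+* Default null.
 */
-do_action( 'validate_password_reset', $errors, $user );
+do_action( 'validate_password_reset', $errors, $user, $pass_score );
 
 if ( ( ! $errors->has_errors() ) && isset( $_POST['pass1'] ) && ! empty( $_POST['pass1'] ) ) {
+
+reset_password( $user, $_POST['pass1'], $pass_score );
+
 reset_password( $user, $_POST['pass1'] );
 setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
 login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
@@ -745,6 +765,7 @@ switch ( $action ) {
 do_action( 'resetpass_form', $user );
 ?>
 <input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
+<input type="hidden" name="wp-reset-pass-score" id="wp-reset-pass-score" value="" />
 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Reset Password' ); ?>" /></p>
 </form>
 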
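Review bot: `reset_password()` now runs twice per submission, because the added call `reset_password( $user, $_POST['pass1'], $pass_score );` is followed by the original `reset_password( $user, $_POST['pass1'] );`, which this page still shows as an unchanged line (old 691, new 711). Per the user.php section each call fires `password_reset` and `after_password_reset`, so the password would be set twice and the admin notification sent twice, the second time without a score. The old two-argument call should be removed so that only the three-argument call remains. Separately, `is_numeric()` accepts strings such as `"4.9"` or `"1e0"` that the `(int)` cast then truncates; `filter_var()` with `FILTER_VALIDATE_INT` and `min_range`/`max_range` options would reject them outright. The enclosing `switch` case begins outside these hunks.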