Ticket #5919: 5919.diff
File 5919.diff, 6.3 KB (added by , 15 years ago) |
wp-login.php
115 115 echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n"; 116 116 } 117 117 } // End of login_header() 118 119 /** 120 * Outputs the footer for the login page. 121 * 122 * @param string $input_id Which input to auto-focus 123 */ 124 function login_footer($input_id = '') { 125 echo "</div>\n"; 126 127 if ( !empty($input_id) ) { 128 ?> 129 <script type="text/javascript"> 130 try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){} 131 if(typeof wpOnload=='function')wpOnload(); 132 </script> 133 <?php 134 } 135 ?> 136 <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p> 137 138 </body> 139 </html> 140 <?php 141 } 142 118 143 function wp_shake_js() { 119 144 global $is_iphone; 120 145 if ( $is_iphone ) … … 211 236 } 212 237 213 238 /** 214 * Handles resetting the user's password.239 * Retrieves a user row based on password reset key and login 215 240 * 216 241 * @uses $wpdb WordPress Database object 217 242 * 218 243 * @param string $key Hash to validate sending user's password 219 * @return bool|WP_Error 244 * @param string $login The user login 245 * 246 * @return object|WP_Error 220 247 */ 221 function reset_password($key, $login) {248 function check_password_reset_key($key, $login) { 222 249 global $wpdb; 223 250 224 251 $key = preg_replace('/[^a-z0-9]/i', '', $key); … … 230 257 return new WP_Error('invalid_key', __('Invalid key')); 231 258 232 259 $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login)); 260 233 261 if ( empty( $user ) ) 234 262 return new WP_Error('invalid_key', __('Invalid key')); 263 264 return $user; 265 } 235 266 236 // Generate something random for a password... 237 $new_pass = wp_generate_password(); 238 267 /** 268 * Handles resetting the user's password. 
269 * 270 * @uses $wpdb WordPress Database object 271 * 272 * @param string $key Hash to validate sending user's password 273 */ 274 function reset_password($user, $new_pass) { 239 275 do_action('password_reset', $user, $new_pass); 240 276 241 277 wp_set_password($new_pass, $user->ID); 242 update_user_option($user->ID, 'default_password_nag', true, true); //Set up the Password change nag. 278 243 279 $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n"; 244 280 $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n"; 245 281 $message .= site_url('wp-login.php', 'login') . "\r\n"; … … 256 292 $title = apply_filters('password_reset_title', $title); 257 293 $message = apply_filters('password_reset_message', $message, $new_pass); 258 294 259 if ( $message && !wp_mail($user->user_email, $title, $message))260 wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...'));295 if ( $message ) 296 wp_mail($user->user_email, $title, $message); 261 297 262 298 wp_password_change_notification($user); 263 264 return true;265 299 } 266 300 267 301 /** … … 398 432 </form> 399 433 400 434 <p id="nav"> 435 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> 401 436 <?php if (get_option('users_can_register')) : ?> 402 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> | 403 <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> 404 <?php else : ?> 405 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> 437 | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> 406 438 <?php endif; ?> 407 439 </p> 408 440 409 </div>410 411 <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>412 413 <script 
type="text/javascript">414 try{document.getElementById('user_login').focus();}catch(e){}415 if(typeof wpOnload=='function')wpOnload();416 </script>417 </body>418 </html>419 441 <?php 442 login_footer('user_login'); 420 443 break; 421 444 422 445 case 'resetpass' : 423 446 case 'rp' : 424 $ errors = reset_password($_GET['key'], $_GET['login']);447 $user = check_password_reset_key($_GET['key'], $_GET['login']); 425 448 426 if ( ! is_wp_error($errors) ) {427 wp_redirect('wp-login.php? checkemail=newpass');428 exit ();449 if ( is_wp_error($user) ) { 450 wp_redirect('wp-login.php?action=lostpassword&error=invalidkey'); 451 exit; 429 452 } 430 453 431 wp_redirect('wp-login.php?action=lostpassword&error=invalidkey'); 432 exit(); 454 if ( isset($_POST['pass']) && !empty($_POST['pass']) ) { 455 reset_password($user, $_POST['pass']); 456 login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a></p>'); 457 login_footer(); 458 exit; 459 } 433 460 461 login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Reset your password') . '</p>'); 462 ?> 463 <form name="resetpassform" id="resetpassform" action="<?php echo site_url('wp-login.php?action=resetpass&key=' . urlencode($_GET['key']) . '&login=' . 
urlencode($_GET['login']), 'login_post') ?>" method="post"> 464 <p> 465 <label><?php _e('New Password') ?><br /> 466 <input type="password" name="pass" id="user_pass" size="16" value="" autocomplete="off" /></label> 467 </p> 468 <br class="clear" /> 469 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Reset Password'); ?>" tabindex="100" /></p> 470 </form> 471 472 <p id="nav"> 473 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> 474 <?php if (get_option('users_can_register')) : ?> 475 | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> 476 <?php endif; ?> 477 </p> 478 479 <?php 480 login_footer('user_pass'); 434 481 break; 435 482 436 483 case 'register' : … … 485 532 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> 486 533 </p> 487 534 488 </div>489 490 <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>491 492 <script type="text/javascript">493 try{document.getElementById('user_login').focus();}catch(e){}494 if(typeof wpOnload=='function')wpOnload();495 </script>496 </body>497 </html>498 535 <?php 536 login_footer('user_login'); 499 537 break; 500 538 501 539 case 'login' :
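Review bot: `reset_password($user, $new_pass)` now receives the password the user typed (`$_POST['pass']` in the `resetpass` case), but the unchanged body still appends `sprintf(__('Password: %s'), $new_pass)` to the mail and passes `$new_pass` to the `password_reset_message` filter. The user's chosen long-term password is therefore e-mailed in clear text, where it used to be a generated temporary one backed by the `default_password_nag` option that this patch removes. I would drop the `$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";` line and send only a "your password was changed" notice; part of the function body is elided between hunks, so the remaining message lines need the same check. The new docblock on `reset_password()` still documents `@uses $wpdb` and `@param string $key` and should instead describe `$user` (the row returned by `check_password_reset_key()`) and `$new_pass`. In `login_footer()` the id is echoed straight into a script string; the callers here pass literals, but `getElementById('<?php echo esc_js($input_id); ?>')` keeps the helper safe for any later caller.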