Changeset 15710 for trunk/wp-login.php
- Timestamp:
- 10/04/2010 03:32:54 PM (14 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-login.php
r15090 r15710 116 116 } 117 117 } // End of login_header() 118 119 /** 120 * Outputs the footer for the login page. 121 * 122 * @param string $input_id Which input to auto-focus 123 */ 124 function login_footer($input_id = '') { 125 echo "</div>\n"; 126 127 if ( !empty($input_id) ) { 128 ?> 129 <script type="text/javascript"> 130 try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){} 131 if(typeof wpOnload=='function')wpOnload(); 132 </script> 133 <?php 134 } 135 ?> 136 <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p> 137 138 </body> 139 </html> 140 <?php 141 } 142 118 143 function wp_shake_js() { 119 144 global $is_iphone; … … 212 237 213 238 /** 214 * Handles resetting the user's password.239 * Retrieves a user row based on password reset key and login 215 240 * 216 241 * @uses $wpdb WordPress Database object 217 242 * 218 243 * @param string $key Hash to validate sending user's password 219 * @return bool|WP_Error 244 * @param string $login The user login 245 * 246 * @return object|WP_Error 220 247 */ 221 function reset_password($key, $login) {248 function check_password_reset_key($key, $login) { 222 249 global $wpdb; 223 250 … … 231 258 232 259 $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login)); 260 233 261 if ( empty( $user ) ) 234 262 return new WP_Error('invalid_key', __('Invalid key')); 235 236 // Generate something random for a password... 237 $new_pass = wp_generate_password(); 238 263 264 return $user; 265 } 266 267 /** 268 * Handles resetting the user's password. 269 * 270 * @uses $wpdb WordPress Database object 271 * 272 * @param string $key Hash to validate sending user's password 273 */ 274 function reset_password($user, $new_pass) { 239 275 do_action('password_reset', $user, $new_pass); 240 276 241 277 wp_set_password($new_pass, $user->ID); 242 update_user_option($user->ID, 'default_password_nag', true, true); //Set up the Password change nag.243 $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";244 $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";245 $message .= site_url('wp-login.php', 'login') . "\r\n";246 247 if ( is_multisite() )248 $blogname = $GLOBALS['current_site']->site_name;249 else250 // The blogname option is escaped with esc_html on the way into the database in sanitize_option251 // we want to reverse this for the plain text arena of emails.252 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);253 254 $title = sprintf( __('[%s] Your new password'), $blogname );255 256 $title = apply_filters('password_reset_title', $title);257 $message = apply_filters('password_reset_message', $message, $new_pass);258 259 if ( $message && !wp_mail($user->user_email, $title, $message) )260 wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') );261 278 262 279 wp_password_change_notification($user); 263 264 return true;265 280 } 266 281 … … 399 414 400 415 <p id="nav"> 416 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> 401 417 <?php if (get_option('users_can_register')) : ?> 402 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> | 403 <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> 404 <?php else : ?> 405 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> 418 | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> 406 419 <?php endif; ?> 407 420 </p> 408 421 409 </div> 410 411 <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p> 412 413 <script type="text/javascript"> 414 try{document.getElementById('user_login').focus();}catch(e){} 415 if(typeof wpOnload=='function')wpOnload(); 416 </script> 417 </body> 418 </html> 419 <?php 422 <?php 423 login_footer('user_login'); 420 424 break; 421 425 422 426 case 'resetpass' : 423 427 case 'rp' : 424 $errors = reset_password($_GET['key'], $_GET['login']); 425 426 if ( ! is_wp_error($errors) ) { 427 wp_redirect('wp-login.php?checkemail=newpass'); 428 exit(); 429 } 430 431 wp_redirect('wp-login.php?action=lostpassword&error=invalidkey'); 432 exit(); 433 428 $user = check_password_reset_key($_GET['key'], $_GET['login']); 429 430 if ( is_wp_error($user) ) { 431 wp_redirect('wp-login.php?action=lostpassword&error=invalidkey'); 432 exit; 433 } 434 435 $errors = ''; 436 437 if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) { 438 $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.')); 439 } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) { 440 reset_password($user, $_POST['pass']); 441 login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a></p>'); 442 login_footer(); 443 exit; 444 } 445 446 login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Reset your password') . '</p>', $errors ); 447 ?> 448 <form name="resetpassform" id="resetpassform" action="<?php echo site_url('wp-login.php?action=resetpass&key=' . urlencode($_GET['key']) . '&login=' . urlencode($_GET['login']), 'login_post') ?>" method="post"> 449 <p> 450 <label><?php _e('New Password') ?><br /> 451 <input type="password" name="pass1" id="user_pass" class="input" size="20" value="" autocomplete="off" /></label> 452 </p> 453 <p> 454 <label><?php _e('New Password Again') ?><br /> 455 <input type="password" name="pass2" id="user_pass" class="input" size="20" value="" autocomplete="off" /></label> 456 </p> 457 <br class="clear" /> 458 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Reset Password'); ?>" tabindex="100" /></p> 459 </form> 460 461 <p id="nav"> 462 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> 463 <?php if (get_option('users_can_register')) : ?> 464 | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> 465 <?php endif; ?> 466 </p> 467 468 <?php 469 login_footer('user_pass'); 434 470 break; 435 471 … … 486 522 </p> 487 523 488 </div> 489 490 <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p> 491 492 <script type="text/javascript"> 493 try{document.getElementById('user_login').focus();}catch(e){} 494 if(typeof wpOnload=='function')wpOnload(); 495 </script> 496 </body> 497 </html> 498 <?php 524 <?php 525 login_footer('user_login'); 499 526 break; 500 527
Note: See TracChangeset
for help on using the changeset viewer.