WordPress.org

Make WordPress Core

Changeset 21923


Ignore:
Timestamp:
09/20/2012 11:01:29 AM (8 years ago)
Author:
westi
Message:

Passwords: Make it possible for plugins to enforce extra password strength / validity rules during the reset process.

Adds a filter in the password reset process so that a plugin can enforce particular password rules on users to compliment the existing filtering in the Profile modification process.
Fixes #21778.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-login.php

    r21813 r21923  
    460460    }
    461461
    462     $errors = '';
    463 
    464     if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) {
    465         $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
    466     } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) {
     462    $errors = new WP_Error();
     463
     464    if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
     465        $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
     466
     467    do_action( 'validate_password_reset', $errors, $user );
     468
     469    if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
    467470        reset_password($user, $_POST['pass1']);
    468471        login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
Note: See TracChangeset for help on using the changeset viewer.