Changeset 25696 for trunk/src/wp-login.php
- Timestamp:
- 10/06/2013 11:28:42 AM (11 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-login.php
r25619 r25696 203 203 */ 204 204 function retrieve_password() { 205 global $wpdb, $current_site ;205 global $wpdb, $current_site, $wp_hasher; 206 206 207 207 $errors = new WP_Error(); … … 242 242 return $allow; 243 243 244 $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); 245 if ( empty($key) ) { 246 // Generate something random for a key... 247 $key = wp_generate_password(20, false); 248 do_action('retrieve_password_key', $user_login, $key); 249 // Now insert the new md5 key into the db 250 $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login)); 251 } 244 // Generate something random for a password reset key. 245 $key = wp_generate_password( 20, false ); 246 247 /** 248 * Fires when a password reset key is generated. 249 * 250 * @since 2.5.0 251 * 252 * @param string $user_login The username for the user. 253 * @param string $key The generated password reset key. 254 */ 255 do_action( 'retrieve_password_key', $user_login, $key ); 256 257 // Now insert the key, hashed, into the DB. 258 if ( empty( $wp_hasher ) ) { 259 require_once ABSPATH . 'wp-includes/class-phpass.php'; 260 $wp_hasher = new PasswordHash( 8, true ); 261 } 262 $hashed = $wp_hasher->HashPassword( $key ); 263 $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) ); 264 252 265 $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; 253 266 $message .= network_home_url( '/' ) . "\r\n\r\n"; … … 359 372 } 360 373 361 if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.')); 374 if ( isset( $_GET['error'] ) ) { 375 if ( 'invalidkey' == $_GET['error'] ) 376 $errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) ); 377 elseif ( 'expiredkey' == $_GET['error'] ) 378 $errors->add( 'expiredkey', __( 'Sorry, that key has expired. Please try again.' ) ); 379 } 380 362 381 $redirect_to = apply_filters( 'lostpassword_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' ); 363 382 … … 395 414 396 415 if ( is_wp_error($user) ) { 397 wp_redirect( site_url('wp-login.php?action=lostpassword&error=invalidkey') ); 416 if ( $user->get_error_code() === 'expired_key' ) 417 wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) ); 418 else 419 wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) ); 398 420 exit; 399 421 }
Note: See TracChangeset
for help on using the changeset viewer.