WordPress.org
WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
07/01/2015 02:47:24 PM (7 years ago)
Author:
markjaquith
Message:

New password change/set UI.

  • Generate the password for the user
  • More tightly integrate password strength meter
  • Warn on weak passwords

see #32589

props MikeHansenMe, adamsilverstein, binarykitten

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/pluggable.php

    r33017 r33023  
    16911691 *
    16921692 * @param int    $user_id        User ID.
    1693  * @param string $plaintext_pass Optional. The user's plaintext password. Default empty.
    1694  */
    1695 function wp_new_user_notification($user_id, $plaintext_pass = '') {
     1693 */
     1694function wp_new_user_notification($user_id) {
     1695    global $wpdb;
    16961696    $user = get_userdata( $user_id );
    16971697
     
    17061706    @wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), $blogname), $message);
    17071707
    1708     if ( empty($plaintext_pass) )
    1709         return;
    1710 
    1711     $message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
    1712     $message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n";
     1708    // Generate something random for a password reset key.
     1709    $key = wp_generate_password( 20, false );
     1710
     1711    do_action( 'retrieve_password_key', $user->user_login, $key );
     1712
     1713    // Now insert the key, hashed, into the DB.
     1714    if ( empty( $wp_hasher ) ) {
     1715        require_once ABSPATH . WPINC . '/class-phpass.php';
     1716        $wp_hasher = new PasswordHash( 8, true );
     1717    }
     1718    $hashed = time() . ':' . $wp_hasher->HashPassword( $key );
     1719    $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user->user_login ) );
     1720
     1721    $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n";
     1722    $message .= __('To set your password, visit the following address:') . "\r\n\r\n";
     1723    $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user->user_login), 'login') . ">\r\n\r\n";
     1724
    17131725    $message .= wp_login_url() . "\r\n";
    17141726
    1715     wp_mail($user->user_email, sprintf(__('[%s] Your username and password'), $blogname), $message);
     1727    wp_mail($user->user_email, sprintf(__('[%s] Your username and password info'), $blogname), $message);
    17161728
    17171729}
Note: See TracChangeset for help on using the changeset viewer.