Changeset 50129 for trunk/src/wp-admin/includes/ajax-actions.php

Timestamp:

02/01/2021 10:11:46 PM (2 years ago)

Author:

adamsilverstein

Message:

Users: enable admins to send users a reset password link.

Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.

The feature appears in several places:

• A "Send Reset Link" button on user profile screen.
• A "Send password reset" option in the user list bulk action dropdown.
• A "Send password reset" quick action when hovering over a username in the user list.

Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes #34281.

File:

• trunk/src/wp-admin/includes/ajax-actions.php (modified) (1 diff)

trunk/src/wp-admin/includes/ajax-actions.php

@@ -5399 +5399 @@
     wp_send_json_success();
 }
+
+/**
+ * Ajax handler sends a password reset link.
+ *
+ * @since 5.7.0
+ */
+function wp_ajax_send_password_reset() {
+
+    // Validate the nonce for this action.
+    $user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;
+    check_ajax_referer( 'reset-password-for-' . $user_id, 'nonce' );
+
+    // Verify user capabilities.
+    if ( ! current_user_can( 'edit_user', $user_id ) ) {
+        wp_send_json_error( __( 'Cannot send password reset, permission denied.' ) );
+    }
+
+    // Send the password reset link.
+    $user    = get_userdata( $user_id );
+    $results = retrieve_password( $user->user_login );
+
+    if ( true === $results ) {
+        wp_send_json_success(
+            /* translators: 1: User's display name. */
+            sprintf( __( 'A password reset link was emailed to %s.' ), $user->display_name )
+        );
+    } else {
+        wp_send_json_error( $results );
+    }
+}