Make WordPress Core


Ignore:
Timestamp:
02/01/2021 10:11:46 PM (3 years ago)
Author:
adamsilverstein
Message:

Users: enable admins to send users a reset password link.

Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.

The feature appears in several places:

  • A "Send Reset Link" button on user profile screen.
  • A "Send password reset" option in the user list bulk action dropdown.
  • A "Send password reset" quick action when hovering over a username in the user list.

Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes #34281.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/users.php

    r49944 r50129  
    203203                'delete_count' => $delete_count,
    204204                'update'       => $update,
     205            ),
     206            $redirect
     207        );
     208        wp_redirect( $redirect );
     209        exit;
     210
     211    case 'resetpassword':
     212        check_admin_referer( 'bulk-users' );
     213        if ( ! current_user_can( 'edit_users' ) ) {
     214            $errors = new WP_Error( 'edit_users', __( 'You can’t edit users.' ) );
     215        }
     216        if ( empty( $_REQUEST['users'] ) ) {
     217            wp_redirect( $redirect );
     218            exit();
     219        }
     220        $userids = array_map( 'intval', (array) $_REQUEST['users'] );
     221
     222        $reset_count = 0;
     223
     224        foreach ( $userids as $id ) {
     225            if ( ! current_user_can( 'edit_user', $id ) ) {
     226                wp_die( __( 'You can’t edit that user.' ) );
     227            }
     228
     229            if ( $id === $current_user->ID ) {
     230                $update = 'err_admin_reset';
     231                continue;
     232            }
     233
     234            // Send the password reset link.
     235            $user = get_userdata( $id );
     236            if ( retrieve_password( $user->user_login ) ) {
     237                ++$reset_count;
     238            }
     239        }
     240
     241        $redirect = add_query_arg(
     242            array(
     243                'reset_count' => $reset_count,
     244                'update'      => 'resetpassword',
    205245            ),
    206246            $redirect
     
    507547                    $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . $message . '</p></div>';
    508548                    break;
     549                case 'resetpassword':
     550                    $reset_count = isset( $_GET['reset_count'] ) ? (int) $_GET['reset_count'] : 0;
     551                    if ( 1 === $reset_count ) {
     552                        $message = __( 'Password reset link sent.' );
     553                    } else {
     554                        /* translators: %s: Number of users. */
     555                        $message = sprintf( __( 'Password reset links sent to %s users.' ), $reset_count );
     556                    }
     557                    $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . $message . '</p></div>';
     558                    break;
    509559                case 'promote':
    510560                    $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __( 'Changed roles.' ) . '</p></div>';
Note: See TracChangeset for help on using the changeset viewer.