Changeset 50140
- Timestamp:
- 02/02/2021 12:35:35 PM (4 years ago)
- Location:
- trunk/src/wp-includes
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/functions.php
r50131 r50140 7867 7867 return abs( (float) $expected - (float) $actual ) <= $precision; 7868 7868 } 7869 7870 /**7871 * Handles sending a password retrieval email to a user.7872 *7873 * @since 2.5.07874 * @since 5.7.0 Added `$user_login` parameter.7875 *7876 * Note: prior to 5.7.0 this function was in wp_login.php.7877 *7878 * @global wpdb $wpdb WordPress database abstraction object.7879 * @global PasswordHash $wp_hasher Portable PHP password hashing framework.7880 *7881 * @param string $user_login Optional user_login, default null. Uses7882 * `$_POST['user_login']` if `$user_login` not set.7883 * @return true|WP_Error True when finished, WP_Error object on error.7884 */7885 function retrieve_password( $user_login = null ) {7886 $errors = new WP_Error();7887 $user_data = false;7888 7889 // Use the passed $user_login if available, otherwise use $_POST['user_login'].7890 if ( ! $user_login && ! empty( $_POST['user_login'] ) ) {7891 $user_login = $_POST['user_login'];7892 }7893 7894 if ( empty( $user_login ) ) {7895 $errors->add( 'empty_username', __( '<strong>Error</strong>: Please enter a username or email address.' ) );7896 } elseif ( strpos( $user_login, '@' ) ) {7897 $user_data = get_user_by( 'email', trim( wp_unslash( $user_login ) ) );7898 if ( empty( $user_data ) ) {7899 $errors->add( 'invalid_email', __( '<strong>Error</strong>: There is no account with that username or email address.' ) );7900 }7901 } else {7902 $user_data = get_user_by( 'login', trim( wp_unslash( $user_login ) ) );7903 }7904 7905 /**7906 * Filters the user data during a password reset request.7907 *7908 * Allows, for example, custom validation using data other than username or email address.7909 *7910 * @since 5.7.07911 *7912 * @param WP_User|false $user_data WP_User object if found, false if the user does not exist.7913 * @param WP_Error $errors A WP_Error object containing any errors generated7914 * by using invalid credentials.7915 */7916 $user_data = apply_filters( 'lostpassword_user_data', $user_data, $errors );7917 7918 /**7919 * Fires before errors are returned from a password reset request.7920 *7921 * @since 2.1.07922 * @since 4.4.0 Added the `$errors` parameter.7923 * @since 5.4.0 Added the `$user_data` parameter.7924 *7925 * @param WP_Error $errors A WP_Error object containing any errors generated7926 * by using invalid credentials.7927 * @param WP_User|false $user_data WP_User object if found, false if the user does not exist.7928 */7929 do_action( 'lostpassword_post', $errors, $user_data );7930 7931 /**7932 * Filters the errors encountered on a password reset request.7933 *7934 * The filtered WP_Error object may, for example, contain errors for an invalid7935 * username or email address. A WP_Error object should always be returned,7936 * but may or may not contain errors.7937 *7938 * If any errors are present in $errors, this will abort the password reset request.7939 *7940 * @since 5.5.07941 *7942 * @param WP_Error $errors A WP_Error object containing any errors generated7943 * by using invalid credentials.7944 * @param WP_User|false $user_data WP_User object if found, false if the user does not exist.7945 */7946 $errors = apply_filters( 'lostpassword_errors', $errors, $user_data );7947 7948 if ( $errors->has_errors() ) {7949 return $errors;7950 }7951 7952 if ( ! $user_data ) {7953 $errors->add( 'invalidcombo', __( '<strong>Error</strong>: There is no account with that username or email address.' ) );7954 return $errors;7955 }7956 7957 // Redefining user_login ensures we return the right case in the email.7958 $user_login = $user_data->user_login;7959 $user_email = $user_data->user_email;7960 $key = get_password_reset_key( $user_data );7961 7962 if ( is_wp_error( $key ) ) {7963 return $key;7964 }7965 7966 if ( is_multisite() ) {7967 $site_name = get_network()->site_name;7968 } else {7969 /*7970 * The blogname option is escaped with esc_html on the way into the database7971 * in sanitize_option. We want to reverse this for the plain text arena of emails.7972 */7973 $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );7974 }7975 7976 $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n";7977 /* translators: %s: Site name. */7978 $message .= sprintf( __( 'Site Name: %s' ), $site_name ) . "\r\n\r\n";7979 /* translators: %s: User login. */7980 $message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n\r\n";7981 $message .= __( 'If this was a mistake, ignore this email and nothing will happen.' ) . "\r\n\r\n";7982 $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";7983 $message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . "\r\n\r\n";7984 7985 $requester_ip = $_SERVER['REMOTE_ADDR'];7986 if ( $requester_ip ) {7987 $message .= sprintf(7988 /* translators: %s: IP address of password reset requester. */7989 __( 'This password reset request originated from the IP address %s.' ),7990 $requester_ip7991 ) . "\r\n";7992 }7993 7994 /* translators: Password reset notification email subject. %s: Site title. */7995 $title = sprintf( __( '[%s] Password Reset' ), $site_name );7996 7997 /**7998 * Filters the subject of the password reset email.7999 *8000 * @since 2.8.08001 * @since 4.4.0 Added the `$user_login` and `$user_data` parameters.8002 *8003 * @param string $title Email subject.8004 * @param string $user_login The username for the user.8005 * @param WP_User $user_data WP_User object.8006 */8007 $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data );8008 8009 /**8010 * Filters the message body of the password reset mail.8011 *8012 * If the filtered message is empty, the password reset email will not be sent.8013 *8014 * @since 2.8.08015 * @since 4.1.0 Added `$user_login` and `$user_data` parameters.8016 *8017 * @param string $message Email message.8018 * @param string $key The activation key.8019 * @param string $user_login The username for the user.8020 * @param WP_User $user_data WP_User object.8021 */8022 $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data );8023 8024 if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) {8025 $errors->add(8026 'retrieve_password_email_failure',8027 sprintf(8028 /* translators: %s: Documentation URL. */8029 __( '<strong>Error</strong>: The email could not be sent. Your site may not be correctly configured to send emails. <a href="%s">Get support for resetting your password</a>.' ),8030 esc_url( __( 'https://wordpress.org/support/article/resetting-your-password/' ) )8031 )8032 );8033 return $errors;8034 }8035 8036 return true;8037 } -
trunk/src/wp-includes/user.php
r49970 r50140 2657 2657 2658 2658 /** 2659 * Handles sending a password retrieval email to a user. 2660 * 2661 * @since 2.5.0 2662 * @since 5.7.0 Added `$user_login` parameter. 2663 * 2664 * @global wpdb $wpdb WordPress database abstraction object. 2665 * @global PasswordHash $wp_hasher Portable PHP password hashing framework. 2666 * 2667 * @param string $user_login Optional user_login, default null. Uses 2668 * `$_POST['user_login']` if `$user_login` not set. 2669 * @return true|WP_Error True when finished, WP_Error object on error. 2670 */ 2671 function retrieve_password( $user_login = null ) { 2672 $errors = new WP_Error(); 2673 $user_data = false; 2674 2675 // Use the passed $user_login if available, otherwise use $_POST['user_login']. 2676 if ( ! $user_login && ! empty( $_POST['user_login'] ) ) { 2677 $user_login = $_POST['user_login']; 2678 } 2679 2680 if ( empty( $user_login ) ) { 2681 $errors->add( 'empty_username', __( '<strong>Error</strong>: Please enter a username or email address.' ) ); 2682 } elseif ( strpos( $user_login, '@' ) ) { 2683 $user_data = get_user_by( 'email', trim( wp_unslash( $user_login ) ) ); 2684 if ( empty( $user_data ) ) { 2685 $errors->add( 'invalid_email', __( '<strong>Error</strong>: There is no account with that username or email address.' ) ); 2686 } 2687 } else { 2688 $user_data = get_user_by( 'login', trim( wp_unslash( $user_login ) ) ); 2689 } 2690 2691 /** 2692 * Filters the user data during a password reset request. 2693 * 2694 * Allows, for example, custom validation using data other than username or email address. 2695 * 2696 * @since 5.7.0 2697 * 2698 * @param WP_User|false $user_data WP_User object if found, false if the user does not exist. 2699 * @param WP_Error $errors A WP_Error object containing any errors generated 2700 * by using invalid credentials. 2701 */ 2702 $user_data = apply_filters( 'lostpassword_user_data', $user_data, $errors ); 2703 2704 /** 2705 * Fires before errors are returned from a password reset request. 2706 * 2707 * @since 2.1.0 2708 * @since 4.4.0 Added the `$errors` parameter. 2709 * @since 5.4.0 Added the `$user_data` parameter. 2710 * 2711 * @param WP_Error $errors A WP_Error object containing any errors generated 2712 * by using invalid credentials. 2713 * @param WP_User|false $user_data WP_User object if found, false if the user does not exist. 2714 */ 2715 do_action( 'lostpassword_post', $errors, $user_data ); 2716 2717 /** 2718 * Filters the errors encountered on a password reset request. 2719 * 2720 * The filtered WP_Error object may, for example, contain errors for an invalid 2721 * username or email address. A WP_Error object should always be returned, 2722 * but may or may not contain errors. 2723 * 2724 * If any errors are present in $errors, this will abort the password reset request. 2725 * 2726 * @since 5.5.0 2727 * 2728 * @param WP_Error $errors A WP_Error object containing any errors generated 2729 * by using invalid credentials. 2730 * @param WP_User|false $user_data WP_User object if found, false if the user does not exist. 2731 */ 2732 $errors = apply_filters( 'lostpassword_errors', $errors, $user_data ); 2733 2734 if ( $errors->has_errors() ) { 2735 return $errors; 2736 } 2737 2738 if ( ! $user_data ) { 2739 $errors->add( 'invalidcombo', __( '<strong>Error</strong>: There is no account with that username or email address.' ) ); 2740 return $errors; 2741 } 2742 2743 // Redefining user_login ensures we return the right case in the email. 2744 $user_login = $user_data->user_login; 2745 $user_email = $user_data->user_email; 2746 $key = get_password_reset_key( $user_data ); 2747 2748 if ( is_wp_error( $key ) ) { 2749 return $key; 2750 } 2751 2752 if ( is_multisite() ) { 2753 $site_name = get_network()->site_name; 2754 } else { 2755 /* 2756 * The blogname option is escaped with esc_html on the way into the database 2757 * in sanitize_option. We want to reverse this for the plain text arena of emails. 2758 */ 2759 $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); 2760 } 2761 2762 $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n"; 2763 /* translators: %s: Site name. */ 2764 $message .= sprintf( __( 'Site Name: %s' ), $site_name ) . "\r\n\r\n"; 2765 /* translators: %s: User login. */ 2766 $message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n\r\n"; 2767 $message .= __( 'If this was a mistake, ignore this email and nothing will happen.' ) . "\r\n\r\n"; 2768 $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n"; 2769 $message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . "\r\n\r\n"; 2770 2771 $requester_ip = $_SERVER['REMOTE_ADDR']; 2772 if ( $requester_ip ) { 2773 $message .= sprintf( 2774 /* translators: %s: IP address of password reset requester. */ 2775 __( 'This password reset request originated from the IP address %s.' ), 2776 $requester_ip 2777 ) . "\r\n"; 2778 } 2779 2780 /* translators: Password reset notification email subject. %s: Site title. */ 2781 $title = sprintf( __( '[%s] Password Reset' ), $site_name ); 2782 2783 /** 2784 * Filters the subject of the password reset email. 2785 * 2786 * @since 2.8.0 2787 * @since 4.4.0 Added the `$user_login` and `$user_data` parameters. 2788 * 2789 * @param string $title Email subject. 2790 * @param string $user_login The username for the user. 2791 * @param WP_User $user_data WP_User object. 2792 */ 2793 $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data ); 2794 2795 /** 2796 * Filters the message body of the password reset mail. 2797 * 2798 * If the filtered message is empty, the password reset email will not be sent. 2799 * 2800 * @since 2.8.0 2801 * @since 4.1.0 Added `$user_login` and `$user_data` parameters. 2802 * 2803 * @param string $message Email message. 2804 * @param string $key The activation key. 2805 * @param string $user_login The username for the user. 2806 * @param WP_User $user_data WP_User object. 2807 */ 2808 $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); 2809 2810 if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) { 2811 $errors->add( 2812 'retrieve_password_email_failure', 2813 sprintf( 2814 /* translators: %s: Documentation URL. */ 2815 __( '<strong>Error</strong>: The email could not be sent. Your site may not be correctly configured to send emails. <a href="%s">Get support for resetting your password</a>.' ), 2816 esc_url( __( 'https://wordpress.org/support/article/resetting-your-password/' ) ) 2817 ) 2818 ); 2819 return $errors; 2820 } 2821 2822 return true; 2823 } 2824 2825 /** 2659 2826 * Handles resetting the user's password. 2660 2827 *
Note: See TracChangeset
for help on using the changeset viewer.