WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 3 months ago

#21352 new enhancement

wp_lostpassword_url() on multisite

Reported by: philly max Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 3.3
Component: Login and Registration Keywords: needs-patch
Focuses: multisite Cc:

Description

The wp_lostpassword_url() function on Multisite outputs the link to the primary domain not the current domain.

Although it works its not what should be expected if a user is registered to use blog ID 2 but not Blog ID 1.

The lost password email generated also links back to the primary domain not the current domain.

Attachments (2)

lost_password_multisite_patch.diff (1.6 KB) - added by philly max 3 years ago.
21352.diff (813 bytes) - added by jamescollins 19 months ago.

Download all attachments as: .zip

Change History (26)

comment:2 @wonderboymusic2 years ago

  • Keywords dev-feedback added

comment:3 follow-up: @wpmuguru2 years ago

I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.

comment:4 @jamescollins2 years ago

#23874 was marked as a duplicate.

comment:5 @sunnyratilal2 years ago

  • Cc ratilal.sunny@… added

comment:6 @sunnyratilal2 years ago

Is there an ETA as to when this will get merged into Core?

comment:7 @SergeyBiryukov23 months ago

Closed #24174 as a duplicate.

comment:8 @SergeyBiryukov23 months ago

  • Version changed from 3.4.1 to 3.3

The change in wp_lostpassword_url() was introduced in [19027]. See comment:1 for the changes in lost password email.

comment:9 in reply to: ↑ 3 ; follow-up: @jeremyfelt19 months ago

  • Keywords needs-patch added; has-patch dev-feedback removed
  • Milestone changed from Awaiting Review to Future Release

Replying to wpmuguru:

I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.

+1 for this approach.

@jamescollins19 months ago

comment:10 in reply to: ↑ 9 ; follow-up: @jamescollins19 months ago

  • Keywords has-patch added; needs-patch removed

Replying to jeremyfelt:

Replying to wpmuguru:

I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.

+1 for this approach.

21352.diff implements this suggestion.

If using WordPress multisite, use the user's primary blog (falling back to the current site when they don't have a primary blog).
If no-one is logged in, then the current site is used.

comment:11 @SergeyBiryukov19 months ago

  • Milestone changed from Future Release to 3.7

comment:12 @nacin17 months ago

In order to do this, wp_lostpassword_url() should probably gain a $user parameter. Otherwise this function goes from being a utility function to one that uses global scope.

Imagine a plugin that, at a super admin's request, sends a lost password email to a user. The primary site of the super admin would be used, which would be incorrect.

comment:13 @nacin17 months ago

  • Milestone changed from 3.7 to Future Release

comment:14 @jeremyfelt16 months ago

  • Keywords needs-patch added; has-patch removed
  • Type changed from defect (bug) to enhancement

comment:15 @jeremyfelt14 months ago

  • Component changed from Multisite to Login and Registration
  • Focuses multisite added

comment:16 in reply to: ↑ 10 @amandafrench13 months ago

Thanks for these patches -- they've solved this annoying issue on my network.

Replying to jamescollins:

Replying to jeremyfelt:

Replying to wpmuguru:

I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.

+1 for this approach.

21352.diff implements this suggestion.

If using WordPress multisite, use the user's primary blog (falling back to the current site when they don't have a primary blog).
If no-one is logged in, then the current site is used.

comment:17 @strangerstudios12 months ago

I can do a patch that includes a $user parameter defaulting to $current_user->ID if that's what is needed for this to get official release.

comment:18 follow-up: @strangerstudios12 months ago

I've been working on this for a site. I'm not sure the attached diffs make sense anymore. (They rely on $current_user to figure out the URL, but people aren't logged in when requesting a password reset. Maybe I'm missing something.)

Anyway, on the site I'm working on, here is the plugin I put together that updates the lost password URL and the reset URL in the email that goes out to be for the site where the lost password request originated rather than the primary domain. It basically swaps out network_site_url() for site_url().

https://gist.github.com/strangerstudios/9487278

I could see cases where you do want password resets to come from/go to the primary domain. So maybe this is best solved by a plugin. My plugin above could also be adjusted to work in the case where you want subsite admin resets to happen on their own blogs.

Open to suggestions for the plugin as well as ways this might be incorporated into core. Thanks.

comment:19 in reply to: ↑ 18 @oldmankit6 months ago

Anyway, on the site I'm working on, here is the plugin I put together that updates the lost password URL and the reset URL in the email that goes out to be for the site where the lost password request originated rather than the primary domain. It basically swaps out network_site_url() for site_url().

https://gist.github.com/strangerstudios/9487278

I tried this plugin but it didn't seem to have any effect. (Copied php file to plugins folder, as network admin I clicked 'Activate for all sites'.) The emails remained unchanged.

I also tried patch https://core.trac.wordpress.org/attachment/ticket/21352/lost_password_multisite_patch.diff attached to this bug, which also had no effect. The emails being sent to lost password users again remained unchanged.

I wonder what I'm doing wrong.

Last edited 6 months ago by oldmankit (previous) (diff)

comment:20 follow-up: @foodin655 months ago

I'm having this issue on my multi-site network now. It's very confusing for users on my sub-site (which is a membership site) to click the lost password link and then get an email with the main site's name and domain. It's also links them back to the main site to reset their email. Then the "success" please login form... logs them into the main site and not the sub site they are trying to reset their password form.

How do we change this?

comment:21 in reply to: ↑ 20 ; follow-up: @Tree20545 months ago

Replying to foodin65:

I'm having this issue on my multi-site network now. It's very confusing for users on my sub-site (which is a membership site) to click the lost password link and then get an email with the main site's name and domain. It's also links them back to the main site to reset their email. Then the "success" please login form... logs them into the main site and not the sub site they are trying to reset their password form.

How do we change this?

I'm using the following filter on network_site_url and it seems to give the functionality that you are describing.

https://gist.github.com/Trii/32498eb95b13caf66d69

<?php
// rewrite "network" URLs to site_url except for URLs that truly need it
add_filter( 'network_site_url', function($url, $path = '', $scheme = null ) {
        // Normalize path in case people pass in a leading /
        $path = ltrim( $path, '/' );

        // According to my pal grep, a call to `network_site_url` with no path
        // means they are intentionally linking to the main network site.
        // Specific requests for the network admin interface should also
        // remain the same
        if ( !$path || strpos( $path, 'wp-admin/network' ) === 0 ) {
            return $url;
        }

        return site_url($path, $scheme);
});
?>

comment:22 in reply to: ↑ 21 ; follow-up: @landshark4 months ago

Pardon my ignorance, but were do I insert this code to fix the problem?

Replying to Tree2054:

Replying to foodin65:

I'm having this issue on my multi-site network now. It's very confusing for users on my sub-site (which is a membership site) to click the lost password link and then get an email with the main site's name and domain. It's also links them back to the main site to reset their email. Then the "success" please login form... logs them into the main site and not the sub site they are trying to reset their password form.

How do we change this?

I'm using the following filter on network_site_url and it seems to give the functionality that you are describing.

https://gist.github.com/Trii/32498eb95b13caf66d69

<?php
// rewrite "network" URLs to site_url except for URLs that truly need it
add_filter( 'network_site_url', function($url, $path = '', $scheme = null ) {
        // Normalize path in case people pass in a leading /
        $path = ltrim( $path, '/' );

        // According to my pal grep, a call to `network_site_url` with no path
        // means they are intentionally linking to the main network site.
        // Specific requests for the network admin interface should also
        // remain the same
        if ( !$path || strpos( $path, 'wp-admin/network' ) === 0 ) {
            return $url;
        }

        return site_url($path, $scheme);
});
?>

comment:23 in reply to: ↑ 22 ; follow-up: @Tree20544 months ago

Replying to landshark:

Pardon my ignorance, but were do I insert this code to fix the problem?

You would need to add it in your own plugin somewhere

Replying to Tree2054:

Replying to foodin65:

I'm having this issue on my multi-site network now. It's very confusing for users on my sub-site (which is a membership site) to click the lost password link and then get an email with the main site's name and domain. It's also links them back to the main site to reset their email. Then the "success" please login form... logs them into the main site and not the sub site they are trying to reset their password form.

How do we change this?

I'm using the following filter on network_site_url and it seems to give the functionality that you are describing.

https://gist.github.com/Trii/32498eb95b13caf66d69

<?php
// rewrite "network" URLs to site_url except for URLs that truly need it
add_filter( 'network_site_url', function($url, $path = '', $scheme = null ) {
        // Normalize path in case people pass in a leading /
        $path = ltrim( $path, '/' );

        // According to my pal grep, a call to `network_site_url` with no path
        // means they are intentionally linking to the main network site.
        // Specific requests for the network admin interface should also
        // remain the same
        if ( !$path || strpos( $path, 'wp-admin/network' ) === 0 ) {
            return $url;
        }

        return site_url($path, $scheme);
});
?>

comment:24 in reply to: ↑ 23 @landshark3 months ago

OK I'm revisiting this problem, I created a plugin file and inserted this code. It is now an active plugin on my multisite network

Unfortunately,when I go to xyz.mydomain.com/wp-login and click on reset password, I'm taken to the main site reset password page (mydomain.com/wp-login.php?action=lostpassword). Of course the email that is sent also contains links back to the main site not the subsite.

Is there something I'm missing?

Reply

Replying to Tree2054:

Replying to landshark:

Pardon my ignorance, but were do I insert this code to fix the problem?

You would need to add it in your own plugin somewhere

Note: See TracTickets for help on using tickets.