WordPress.org

Make WordPress Core

Opened 21 months ago

Last modified 6 weeks ago

#21352 new enhancement

wp_lostpassword_url() on multisite

Reported by: philly max Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 3.3
Component: Login and Registration Keywords: needs-patch
Focuses: multisite Cc:

Description

The wp_lostpassword_url() function on Multisite outputs the link to the primary domain not the current domain.

Although it works its not what should be expected if a user is registered to use blog ID 2 but not Blog ID 1.

The lost password email generated also links back to the primary domain not the current domain.

Attachments (2)

lost_password_multisite_patch.diff (1.6 KB) - added by philly max 21 months ago.
21352.diff (813 bytes) - added by jamescollins 8 months ago.

Download all attachments as: .zip

Change History (20)

comment:2 wonderboymusic20 months ago

  • Keywords dev-feedback added

comment:3 follow-up: wpmuguru16 months ago

I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.

comment:4 jamescollins13 months ago

#23874 was marked as a duplicate.

comment:5 sunnyratilal13 months ago

  • Cc ratilal.sunny@… added

comment:6 sunnyratilal13 months ago

Is there an ETA as to when this will get merged into Core?

comment:7 SergeyBiryukov12 months ago

Closed #24174 as a duplicate.

comment:8 SergeyBiryukov12 months ago

  • Version changed from 3.4.1 to 3.3

The change in wp_lostpassword_url() was introduced in [19027]. See comment:1 for the changes in lost password email.

comment:9 in reply to: ↑ 3 ; follow-up: jeremyfelt8 months ago

  • Keywords needs-patch added; has-patch dev-feedback removed
  • Milestone changed from Awaiting Review to Future Release

Replying to wpmuguru:

I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.

+1 for this approach.

jamescollins8 months ago

comment:10 in reply to: ↑ 9 ; follow-up: jamescollins8 months ago

  • Keywords has-patch added; needs-patch removed

Replying to jeremyfelt:

Replying to wpmuguru:

I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.

+1 for this approach.

21352.diff implements this suggestion.

If using WordPress multisite, use the user's primary blog (falling back to the current site when they don't have a primary blog).
If no-one is logged in, then the current site is used.

comment:11 SergeyBiryukov8 months ago

  • Milestone changed from Future Release to 3.7

comment:12 nacin7 months ago

In order to do this, wp_lostpassword_url() should probably gain a $user parameter. Otherwise this function goes from being a utility function to one that uses global scope.

Imagine a plugin that, at a super admin's request, sends a lost password email to a user. The primary site of the super admin would be used, which would be incorrect.

comment:13 nacin7 months ago

  • Milestone changed from 3.7 to Future Release

comment:14 jeremyfelt5 months ago

  • Keywords needs-patch added; has-patch removed
  • Type changed from defect (bug) to enhancement

comment:15 jeremyfelt3 months ago

  • Component changed from Multisite to Login and Registration
  • Focuses multisite added

comment:16 in reply to: ↑ 10 amandafrench2 months ago

Thanks for these patches -- they've solved this annoying issue on my network.

Replying to jamescollins:

Replying to jeremyfelt:

Replying to wpmuguru:

I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.

+1 for this approach.

21352.diff implements this suggestion.

If using WordPress multisite, use the user's primary blog (falling back to the current site when they don't have a primary blog).
If no-one is logged in, then the current site is used.

comment:17 strangerstudios6 weeks ago

I can do a patch that includes a $user parameter defaulting to $current_user->ID if that's what is needed for this to get official release.

comment:18 strangerstudios6 weeks ago

I've been working on this for a site. I'm not sure the attached diffs make sense anymore. (They rely on $current_user to figure out the URL, but people aren't logged in when requesting a password reset. Maybe I'm missing something.)

Anyway, on the site I'm working on, here is the plugin I put together that updates the lost password URL and the reset URL in the email that goes out to be for the site where the lost password request originated rather than the primary domain. It basically swaps out network_site_url() for site_url().

https://gist.github.com/strangerstudios/9487278

I could see cases where you do want password resets to come from/go to the primary domain. So maybe this is best solved by a plugin. My plugin above could also be adjusted to work in the case where you want subsite admin resets to happen on their own blogs.

Open to suggestions for the plugin as well as ways this might be incorporated into core. Thanks.

Note: See TracTickets for help on using tickets.