Opened 12 years ago
Last modified 3 years ago
#21352 new enhancement
wp_lostpassword_url() on multisite
Reported by: | philly max | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 3.3 |
Component: | Login and Registration | Keywords: | needs-patch |
Focuses: | multisite | Cc: |
Description
The wp_lostpassword_url() function on Multisite outputs the link to the primary domain not the current domain.
Although it works, it's not what should be expected if a user is registered to use blog ID 2 but not Blog ID 1.
The lost password email generated also links back to the primary domain not the current domain.
Attachments (2)
Change History (38)
#3 (follow-up: ↓ 9), 12 years ago
I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.
#9 (in reply to: ↑ 3; follow-up: ↓ 10), 11 years ago
- Keywords needs-patch added; has-patch dev-feedback removed
- Milestone changed from Awaiting Review to Future Release

Replying to wpmuguru:
> I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.

+1 for this approach.
#10 (in reply to: ↑ 9; follow-up: ↓ 16), 11 years ago
- Keywords has-patch added; needs-patch removed

Replying to jeremyfelt:
> Replying to wpmuguru:
> > I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.
>
> +1 for this approach.

21352.diff implements this suggestion.
If using WordPress multisite, use the user's primary blog (falling back to the current site when they don't have a primary blog).
If no-one is logged in, then the current site is used.
#12, 11 years ago
In order to do this, wp_lostpassword_url() should probably gain a $user parameter. Otherwise this function goes from being a utility function to one that uses global scope.
Imagine a plugin that, at a super admin's request, sends a lost password email to a user. The primary site of the super admin would be used, which would be incorrect.
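
One way the `$user` parameter suggested in the comment above could work, combined with the primary-blog fallback described for 21352.diff. This is an added example, not WordPress core code and not a patch from this ticket; `example_lostpassword_url_for_user()` is a hypothetical name.

```php
<?php
// Added example: hypothetical helper, not WordPress core and not a ticket patch.
// The user is passed in explicitly, so the result does not depend on who is
// logged in (for example a super admin triggering a reset for someone else).
function example_lostpassword_url_for_user( $user = null, $redirect = '' ) {
    $args = array( 'action' => 'lostpassword' );
    if ( ! empty( $redirect ) ) {
        $args['redirect_to'] = urlencode( $redirect );
    }

    // Default: the site handling the current request (also the logged-out case).
    $blog_id = get_current_blog_id();

    if ( is_multisite() && $user instanceof WP_User && $user->exists() ) {
        $primary = (int) get_user_meta( $user->ID, 'primary_blog', true );
        // Use the stored primary blog only if the user is still a member of it.
        if ( $primary > 0 && is_user_member_of_blog( $user->ID, $primary ) ) {
            $blog_id = $primary;
        }
    }

    // get_site_url() reads the chosen site's stored URL; 'login' is the scheme
    // core uses for wp-login.php links.
    return add_query_arg( $args, get_site_url( $blog_id, 'wp-login.php', 'login' ) );
}

// Usage: the target user decides the site, not the current session.
// $url = example_lostpassword_url_for_user( get_user_by( 'login', $user_login ) );
```
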
#14, 11 years ago
- Keywords needs-patch added; has-patch removed
- Type changed from defect (bug) to enhancement
#15, 11 years ago
- Component changed from Multisite to Login and Registration
- Focuses multisite added
#16 (in reply to: ↑ 10), 11 years ago
Thanks for these patches -- they've solved this annoying issue on my network.

Replying to jamescollins:
> Replying to jeremyfelt:
> > Replying to wpmuguru:
> > > I would prefer to see this send the link for the user's primary blog if they have one and the current site when they don't.
> >
> > +1 for this approach.
>
> 21352.diff implements this suggestion.
> If using WordPress multisite, use the user's primary blog (falling back to the current site when they don't have a primary blog).
> If no-one is logged in, then the current site is used.
#17, 11 years ago
I can do a patch that includes a $user parameter defaulting to $current_user->ID if that's what is needed for this to get official release.
#18 (follow-up: ↓ 19), 11 years ago
I've been working on this for a site. I'm not sure the attached diffs make sense anymore. (They rely on $current_user to figure out the URL, but people aren't logged in when requesting a password reset. Maybe I'm missing something.)
Anyway, on the site I'm working on, here is the plugin I put together that updates the lost password URL and the reset URL in the email that goes out to be for the site where the lost password request originated rather than the primary domain. It basically swaps out network_site_url() for site_url().
https://gist.github.com/strangerstudios/9487278
I could see cases where you do want password resets to come from/go to the primary domain. So maybe this is best solved by a plugin. My plugin above could also be adjusted to work in the case where you want subsite admin resets to happen on their own blogs.
Open to suggestions for the plugin as well as ways this might be incorporated into core. Thanks.
#19 (in reply to: ↑ 18), 10 years ago
> Anyway, on the site I'm working on, here is the plugin I put together that updates the lost password URL and the reset URL in the email that goes out to be for the site where the lost password request originated rather than the primary domain. It basically swaps out network_site_url() for site_url().

I tried this plugin but it didn't seem to have any effect. (Copied php file to plugins folder, as network admin I clicked 'Activate for all sites'.) The emails remained unchanged.
I also tried the [patch](https://core.trac.wordpress.org/attachment/ticket/21352/lost_password_multisite_patch.diff) attached to this bug, which also had no effect. The emails being sent to lost password users again remained unchanged.
I wonder what I'm doing wrong.
#20 (follow-up: ↓ 21), 10 years ago
I'm having this issue on my multi-site network now. It's very confusing for users on my sub-site (which is a membership site) to click the lost password link and then get an email with the main site's name and domain. It also links them back to the main site to reset their email. Then the "success" please login form... logs them into the main site and not the sub site they are trying to reset their password for.
How do we change this?
#21 (in reply to: ↑ 20; follow-up: ↓ 22), 10 years ago
Replying to foodin65:
> I'm having this issue on my multi-site network now. It's very confusing for users on my sub-site (which is a membership site) to click the lost password link and then get an email with the main site's name and domain. It also links them back to the main site to reset their email. Then the "success" please login form... logs them into the main site and not the sub site they are trying to reset their password for.
> How do we change this?

I'm using the following filter on network_site_url and it seems to give the functionality that you are describing.
https://gist.github.com/Trii/32498eb95b13caf66d69

```php
<?php
// rewrite "network" URLs to site_url except for URLs that truly need it
add_filter( 'network_site_url', function( $url, $path = '', $scheme = null ) {
    // Normalize path in case people pass in a leading /
    $path = ltrim( $path, '/' );

    // According to my pal grep, a call to `network_site_url` with no path
    // means they are intentionally linking to the main network site.
    // Specific requests for the network admin interface should also
    // remain the same
    if ( !$path || strpos( $path, 'wp-admin/network' ) === 0 ) {
        return $url;
    }

    return site_url( $path, $scheme );
}, 10, 3 ); // accept 3 arguments, otherwise $path is never passed to the callback
?>
```
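
A narrower variant of the filter in the comment above, as an added example (not the linked gist and not a ticket attachment): it rewrites `network_site_url()` only for `wp-login.php` links whose `action` belongs to the password reset flow, and registers the callback with three accepted arguments so `$path` and `$scheme` are passed. It assumes core builds the lost password and reset links through `network_site_url()`, as comment #18 describes; the function and constant names are hypothetical.

```php
<?php
/**
 * Plugin Name: Example: keep password resets on the current site
 * Description: Added example; names below are hypothetical.
 */

// wp-login.php actions that make up the password reset flow.
const EXAMPLE_RESET_ACTIONS = array( 'lostpassword', 'retrievepassword', 'rp', 'resetpass' );

function example_keep_reset_on_current_site( $url, $path = '', $scheme = null ) {
    if ( ! is_multisite() || is_main_site() ) {
        return $url; // Nothing to rewrite on single site or on the main site.
    }

    // Split "wp-login.php?action=rp&key=..." into script name and query string.
    $path = ltrim( (string) $path, '/' );
    list( $file, $query ) = array_pad( explode( '?', $path, 2 ), 2, '' );

    // Allowlist: only the login script. Signup, activation, network admin
    // and bare network links keep pointing at the main site.
    if ( 'wp-login.php' !== $file ) {
        return $url;
    }

    wp_parse_str( $query, $args );
    $action = isset( $args['action'] ) ? $args['action'] : '';
    if ( ! in_array( $action, EXAMPLE_RESET_ACTIONS, true ) ) {
        return $url;
    }

    // site_url() is built from the current site's stored URL, so the link
    // host comes from configuration rather than from request headers.
    return site_url( $path, $scheme );
}

// Priority 10, 3 accepted arguments: with the default of 1 the callback
// would only receive $url and always return it unchanged.
add_filter( 'network_site_url', 'example_keep_reset_on_current_site', 10, 3 );
```
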
#22 (in reply to: ↑ 21; follow-up: ↓ 23), 10 years ago
Pardon my ignorance, but where do I insert this code to fix the problem?

Replying to Tree2054:
> Replying to foodin65:
> > I'm having this issue on my multi-site network now. It's very confusing for users on my sub-site (which is a membership site) to click the lost password link and then get an email with the main site's name and domain. It also links them back to the main site to reset their email. Then the "success" please login form... logs them into the main site and not the sub site they are trying to reset their password for.
> > How do we change this?
>
> I'm using the following filter on network_site_url and it seems to give the functionality that you are describing.
> https://gist.github.com/Trii/32498eb95b13caf66d69
>
> ```php
> <?php
> // rewrite "network" URLs to site_url except for URLs that truly need it
> add_filter( 'network_site_url', function( $url, $path = '', $scheme = null ) {
>     // Normalize path in case people pass in a leading /
>     $path = ltrim( $path, '/' );
>
>     // According to my pal grep, a call to `network_site_url` with no path
>     // means they are intentionally linking to the main network site.
>     // Specific requests for the network admin interface should also
>     // remain the same
>     if ( !$path || strpos( $path, 'wp-admin/network' ) === 0 ) {
>         return $url;
>     }
>
>     return site_url( $path, $scheme );
> }, 10, 3 ); // accept 3 arguments, otherwise $path is never passed to the callback
> ?>
> ```
#23 (in reply to: ↑ 22; follow-up: ↓ 24), 10 years ago
Replying to landshark:
> Pardon my ignorance, but where do I insert this code to fix the problem?

You would need to add it in your own plugin somewhere

> Replying to Tree2054:
> > Replying to foodin65:
> > > I'm having this issue on my multi-site network now. It's very confusing for users on my sub-site (which is a membership site) to click the lost password link and then get an email with the main site's name and domain. It also links them back to the main site to reset their email. Then the "success" please login form... logs them into the main site and not the sub site they are trying to reset their password for.
> > > How do we change this?
> >
> > I'm using the following filter on network_site_url and it seems to give the functionality that you are describing.
> > https://gist.github.com/Trii/32498eb95b13caf66d69
> >
> > ```php
> > <?php
> > // rewrite "network" URLs to site_url except for URLs that truly need it
> > add_filter( 'network_site_url', function( $url, $path = '', $scheme = null ) {
> >     // Normalize path in case people pass in a leading /
> >     $path = ltrim( $path, '/' );
> >
> >     // According to my pal grep, a call to `network_site_url` with no path
> >     // means they are intentionally linking to the main network site.
> >     // Specific requests for the network admin interface should also
> >     // remain the same
> >     if ( !$path || strpos( $path, 'wp-admin/network' ) === 0 ) {
> >         return $url;
> >     }
> >
> >     return site_url( $path, $scheme );
> > }, 10, 3 ); // accept 3 arguments, otherwise $path is never passed to the callback
> > ?>
> > ```
#24 (in reply to: ↑ 23), 10 years ago
OK I'm revisiting this problem, I created a plugin file and inserted this code. It is now an active plugin on my multisite network.
Unfortunately, when I go to xyz.mydomain.com/wp-login and click on reset password, I'm taken to the main site reset password page (mydomain.com/wp-login.php?action=lostpassword). Of course the email that is sent also contains links back to the main site not the subsite.
Is there something I'm missing?

Replying to Tree2054:
> Replying to landshark:
> > Pardon my ignorance, but where do I insert this code to fix the problem?
>
> You would need to add it in your own plugin somewhere
#25 (follow-up: ↓ 27), 10 years ago
Here's my take on a workaround: https://gist.github.com/eteubert/293e07a49f56f300ddbb
#27 (in reply to: ↑ 25), 10 years ago
Replying to eteubert:
> Here's my take on a workaround: https://gist.github.com/eteubert/293e07a49f56f300ddbb

We've installed this, all works well so far. Thanks @eteubert !
#30, 7 years ago
Brain dump:
This behaviour is confusing for several reasons:
- Users may not be aware of the relationship between a site and its "main" site. They may not be aware of the existence or role of multisite at all.
- The main site may not use the same language as the site the user is trying to log in to. The user may not understand the language of the main site, meaning they're unable to follow the password reset instructions.
- After resetting their password, they're sent to the admin area for the main site, which was probably not their original destination.
When the user does reset their password, they're subsequently sent an email notification that they've reset their password for the main site. There's no mention of the site that they were attempting to log in to.
It looks like there are quite a few considerations that need to be thought about that relate to how WordPress deals with sites and how it communicates to the user about sites or the main site.
#31, 5 years ago
The behaviour of register, activate, login, lost password and reset password links is inconsistent in general in a network install. I've tried to describe the behaviour below.
Context: I am in the root blog
wp-signup.php (stays in same blog)
wp-activate.php (stays in same blog)
wp-login.php
- log in (stays in same blog)
- lost password and the redirect location after (stays in same blog)
- reset password (link to it in email) and the redirect location after (stays in same blog)
Context: I am in a blog
wp-signup.php (jumps to root blog)
wp-activate.php (stays in same blog)
wp-login.php
- log in (stays in same blog)
- lost password and the redirect location after (jumps to root blog)
- reset password (link to it in email) and the redirect after (jumps to root blog)
I don't see a reason why we should jump to a different blog. Blogs can use different languages as @johnbillion pointed out above and jumping will cause confusion for the user.
Related: [12697], [13884], [19705]