Beispiel #1
0
 /**
  * handle the password retrieval procedure
  *
  * The user has entered his user name or email address in order to
  * receive a new password. Now, let's check if that is possible
  * If yes, send him or her a code for resetting his or her password
  *
  * @return WP_Error event if code could not be sent to the user
  */
 public static function handle_code_retrieval()
 {
     // Prevent Cross-Site-Request-Forgery
     if (!Handlers::is_nonce_ok('code_retrieval_form')) {
         return new \WP_Error('nonce', __('There seems to be a security issue. Please do not continue, but inform us!', 'YALW'), 'error');
     }
     Session::set_user_login(trim($_POST['YALW_user_login']));
     $user_data = Handlers::get_user_data_by(Session::get_user_login());
     if (is_wp_error($user_data)) {
         return $user_data;
     }
     do_action('retrieve_password', $user_data->user_login);
     /*
      * check if the user may reset his or her password
      * the range of possible return types of apply_filters makes it useless
      * to move this stuff in a separate function, IMHO.
      */
     $allowed = apply_filters('allow_password_reset', true, $user_data->ID);
     if (!$allowed) {
         return new \WP_Error('no_password_reset', __('Password reset is not allowed for this user', 'YALW'), 'warn');
     } else {
         if (is_wp_error($allowed)) {
             return $allowed;
         }
     }
     $send_status = Handlers::send_reset_code($user_data);
     if (is_wp_error($send_status)) {
         return $send_status;
     }
     // We only save the user_login and the ID for later use, not the whole WP_User -- we don't need to
     Session::set_user_login($user_data->user_login);
     Session::set_user_id($user_data->ID);
     Session::set_next_widget_task('check_code');
     return new \WP_Error('email_sent', __('You should have received an email with a reset code. Please check your inbox.', 'YALW'), 'info');
 }