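/**
 * Update the FluxBB password when a user completes the "lost password" flow.
 *
 * Runs only for a submitted form with action=reset. The reset key from the
 * query string is resolved to a user id by check_password_reset_key(); when
 * that result is not numeric (rejected key) nothing is read or written.
 *
 * @return void
 */
function Register_FluxBB_PasswReset()
{
    global $page, $user, $conf;

    // All four request values are needed; without them there is nothing to do.
    if (!isset($_POST['submit'], $_POST['use_new_pwd'], $_GET['action'], $_GET['key'])) {
        return;
    }
    if ('reset' != $_GET['action']) {
        return;
    }

    $user_id = check_password_reset_key($_GET['key']);

    // A rejected key must stop here: otherwise the lookup below runs with an
    // empty id and the FluxBB account update is attempted for no user.
    if (!is_numeric($user_id)) {
        return;
    }

    // The id is forced to an integer before it is placed in the SQL text.
    $query = '
SELECT ' . $conf['user_fields']['username'] . ' AS username, mail_address
  FROM ' . USERS_TABLE . '
  WHERE ' . $conf['user_fields']['id'] . ' = \'' . (int) $user_id . '\'
    AND ' . $conf['user_fields']['username'] . ' NOT IN ("18","16")
;';

    $row = pwg_db_fetch_row(pwg_query($query));
    if (!is_array($row)) {
        // No matching (non-excluded) account: leave FluxBB untouched.
        return;
    }
    list($username, $mail_address) = $row;

    // NOTE(review): unsalted SHA-1 is a weak password hash. Presumably it is
    // what the bridged FluxBB install stores - confirm, and move to the
    // forum's current scheme if it supports a stronger one.
    FluxBB_Updateuser($user_id, stripslashes($username), sha1($_POST['use_new_pwd']), $mail_address);
}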
/**
 * Build the password reset handler form for a valid key / login pair.
 *
 * When the pair taken from the request is rejected, the visitor is redirected
 * to the password reset page with an error flag and the script ends.
 *
 * @param int $id
 *
 * @return null|string
 */
public function get_password_reset_handler_structure($id)
{
    // Validate the key / login combination sent with the request.
    $reset_user = check_password_reset_key($_REQUEST['key'], $_REQUEST['login']);

    $rejected = !$reset_user || is_wp_error($reset_user);
    if ($rejected) {
        // Only an expired key gets its own flag; everything else is "invalid".
        $is_expired = $reset_user && $reset_user->get_error_code() === 'expired_key';
        $query = $is_expired ? '?error=expiredkey' : '?error=invalidkey';
        wp_redirect(pp_password_reset_url() . $query);
        exit;
    }

    // Carry the validated pair forward as hidden, attribute-escaped fields.
    $key_field = '<input type="hidden" name="reset_key" value="' . esc_attr($_REQUEST['key']) . '">';
    $login_field = '<input type="hidden" name="reset_login" value="' . esc_attr($_REQUEST['login']) . '">';

    return PROFILEPRESS_sql::get_password_reset_handler_structure($id) . $key_field . $login_field;
}
/**
 * Read the reset login and key from the "wp-resetpass-" cookie.
 *
 * Both properties are cleared first and are only filled in when the cookie
 * holds a "login:key" pair that check_password_reset_key() accepts.
 *
 * @return void
 * @access protected
 * @since  1.4.0
 */
protected function parse_reset_key()
{
    $this->login = null;
    $this->key = null;

    $cookie_name = 'wp-resetpass-' . COOKIEHASH;
    $raw_cookie = isset($_COOKIE[$cookie_name]) ? $_COOKIE[$cookie_name] : null;

    // No cookie, no colon, or a colon in first position (empty login): nothing to parse.
    if (null === $raw_cookie || !strpos($raw_cookie, ':')) {
        return;
    }

    // Split once only, so everything after the first colon is treated as the key.
    $pieces = explode(':', wp_unslash($raw_cookie), 2);
    $login = sanitize_text_field($pieces[0]);
    $key = sanitize_text_field($pieces[1]);

    $checked = check_password_reset_key($key, $login);

    if (!is_wp_error($checked)) {
        // Pair accepted: expose it so the reset form can be rendered with it.
        $this->key = $key;
        $this->login = $login;
        return;
    }

    // Pair rejected: surface the error and call set_reset_cookie() with no value.
    charitable_get_notices()->add_errors_from_wp_error($checked);
    Charitable_User_Management::get_instance()->set_reset_cookie();
}
<?php
        login_footer('user_login');
        break;

    // Password reset: the visitor arrives from the e-mailed reset link.
    case 'resetpass':
    case 'rp':
        // Path part of the current request URI (query string dropped); used as the cookie path.
        list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
        $rp_cookie = 'wp-resetpass-' . COOKIEHASH;

        // First request still has the key in the query string: store "login:key" in a cookie
        // (expires 0, path $rp_path, secure when is_ssl(), httponly true) and redirect to the
        // same URL with key and login removed, so later requests do not carry the key in the URL.
        // NOTE(review): $_GET['login'] is read without an isset() check.
        if (isset($_GET['key'])) {
            $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
            setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
            wp_safe_redirect(remove_query_arg(array('key', 'login')));
            exit;
        }

        // The cookie must contain a colon that is not its first character (non-empty login).
        if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
            // Limit 2: only the first colon separates login from key.
            list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
            $user = check_password_reset_key($rp_key, $rp_login);
            // On a password submission the posted rp_key has to equal the cookie key;
            // hash_equals() keeps the comparison time independent of where the strings differ.
            // NOTE(review): $_POST['rp_key'] is read without an isset() check.
            if (isset($_POST['pass1']) && !hash_equals($rp_key, $_POST['rp_key'])) {
                $user = false;
            }
        } else {
            $user = false;
        }

        // Any failure: expire the cookie (date one year in the past) and send the visitor
        // back to the lost-password screen with an error code.
        if (!$user || is_wp_error($user)) {
            setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
            if ($user && $user->get_error_code() === 'expired_key') {
                wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
            } else {
                wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
            }
            exit;
        }
> <?php // container with classes and id ?> <h1><?php the_title(); // title ?> </h1> <?php the_content(); // content ?> </article> <?php
// Gate the form on the key / login pair from the query string.
// NOTE(review): the key stays in the page URL and is copied into the hidden fields below;
// the handler that receives the POST is not visible here and presumably re-validates it - confirm.
if (!isset($_GET['key']) || !isset($_GET['login']) || is_wp_error(check_password_reset_key($_GET['key'], $_GET['login']))) { // if the parameters were not passed or the check function returned an error
    echo '<p>Ключ и (или) логин ни были переданы, либо не верны.</p>'; //resetpass
} else { // if everything is fine, show the form ?> <form name="resetpassform" id="resetpassform" action="" method="post" class="userform"> <input type="password" name="pass1" id="pass1" placeholder="Новый пароль"> <input type="password" name="pass2" id="pass2" placeholder="Повторите новый пароль"> <input type="hidden" name="key" value="<?php echo esc_attr($_GET['key']); ?> "><!-- переданные параметры сунем в скрытые поля --> <input type="hidden" name="login" value="<?php
/**
 * A plaintext user_activation_key (as stored before hashing was introduced in
 * WordPress 3.7) must never validate a reset request.
 *
 * @ticket 32429
 * @ticket 24783
 */
function test_plaintext_user_activation_key_is_rejected()
{
    global $wpdb;

    // Put a plaintext key straight into the users table for the test user.
    $plaintext_key = wp_generate_password(20, false);
    $wpdb->update(
        $wpdb->users,
        array('user_activation_key' => $plaintext_key),
        array('ID' => $this->user->ID)
    );

    $login = $this->user->user_login;

    // Neither the matching plaintext key nor an empty key may be accepted.
    foreach (array($plaintext_key, '') as $submitted_key) {
        $outcome = check_password_reset_key($submitted_key, $login);
        $this->assertInstanceOf('WP_Error', $outcome);
    }
}
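<?php
# TemaTres: application for managing documentary languages #
# #
# Copyright (C) 2004-2015 Diego Ferreyra tematres@r020.com.ar
# Distributed under the GNU Public License, version 2 (June 1991), Free Software Foundation
# ###############################################################################################################
#
include "config.tematres.php";
$metadata = do_meta_tag();

// Password recovery link: ?action=rp&key=...&login=...
// All three values must be present and be plain strings before the key is checked.
$is_reset_link = isset($_GET["action"], $_GET["key"], $_GET["login"])
    && is_string($_GET["key"])
    && is_string($_GET["login"])
    && $_GET["action"] == 'rp'
    && $_GET["key"];

if ($is_reset_link) {
    // NOTE(review): PHP has already URL-decoded $_GET, so urldecode() decodes the login a
    // second time (a literal "+" or "%xx" in a login is altered). Kept because the code
    // that builds the link is not visible here - confirm whether it double-encodes.
    $chek_key = check_password_reset_key($_GET["key"], urldecode($_GET["login"]));

    // isset() covers a failed check that returns something other than a user record.
    if (isset($chek_key["user_id"]) && $chek_key["user_id"] > 0) {
        // NOTE(review): the reset is carried out on a plain GET request, so anything that
        // fetches the link (mail scanner, link preview) would presumably trigger it - confirm
        // what reset_password() does and consider requiring a POST confirmation.
        $task_result = reset_password($chek_key);
    }
}
?>
<!DOCTYPE html>
<html lang="<?php echo LANG; ?>">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="<?php echo T3_WEBPATH; ?>bootstrap/css/bootstrap.min.css" rel="stylesheet">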
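/**
 * Render the "choose a new password" page for a valid reset link.
 *
 * The key / login pair from the query string is validated first; a missing or
 * rejected pair redirects to the lost-password screen. On success the theme
 * header, the form from get_password.php and the footer are printed, then the
 * script ends.
 *
 * @return void
 */
function process_getpassword()
{
    // Imported into this scope, where the include below also runs.
    global $errors;

    // Missing parameters are treated as an empty (hence invalid) key / login.
    $key = isset($_GET['key']) ? $_GET['key'] : '';
    $login = isset($_GET['login']) ? $_GET['login'] : '';

    $user = check_password_reset_key($key, $login);

    // Reject both an error object and any other falsy result.
    if (!$user || is_wp_error($user)) {
        wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
        exit;
    }

    get_header();
    include_once "get_password.php";
    $get_form = piereg_get_passwird();
    echo $get_form;
    get_footer();
    exit;
}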
/**
 * Validate a password reset key for a login and report failures as a notice.
 *
 * Delegates to the global check_password_reset_key() function (the unqualified
 * call below does not recurse into this method).
 *
 * @param string $key   Reset key supplied by the user
 * @param string $login The user login
 * @return WP_User|bool The value returned by the global function on success,
 *                      false when it returned an error
 */
public static function check_password_reset_key($key, $login)
{
    $result = check_password_reset_key($key, $login);

    if (!is_wp_error($result)) {
        return $result;
    }

    // Invalid or expired key: show the error message to the visitor.
    wc_add_notice($result->get_error_message(), 'error');

    return false;
}
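/**
 * Returns HTML partial that contains password-reset form.
 * Based on WordPress core code from wp-login.php
 *
 * The result is computed once per request and cached in a static variable.
 * Three outcomes are possible: a warning with a link to request a new key
 * (key missing, invalid or expired), a success note (password changed), or
 * the form itself (first display, or validation errors to correct).
 *
 * @since  1.0.0
 *
 * @return string
 */
private function reset_form()
{
    static $Reset_Result = null;

    if (null === $Reset_Result) {
        // presumably makes sure these request keys exist before they are read - confirm in lib3
        lib3()->array->equip_get('login', 'key');
        lib3()->array->equip_post('pass1', 'pass2');

        $rp_login = wp_unslash($_GET['login']);
        $rp_key = wp_unslash($_GET['key']);
        $err_msg = new WP_Error();
        $fatal_error = false;

        lib3()->array->strip_slashes($_POST, 'pass1', 'pass2');
        $pass1 = $_POST['pass1'];
        $pass2 = $_POST['pass2'];

        // Get the user object and validate the key.
        if ($rp_login && $rp_key) {
            $user = check_password_reset_key($rp_key, $rp_login);
        } else {
            $user = false;
        }

        if (!$user || is_wp_error($user)) {
            // Key rejected: nothing else on this page may run.
            $fatal_error = true;
            if ($user && 'expired_key' == $user->get_error_code()) {
                $err_msg->add('password_expired_key', __('Sorry, this reset-key is not valid anymore. Please request a new reset email and try again.', 'membership2'));
            } else {
                $err_msg->add('password_invalid_key', __('Sorry, we did not find a valid reset-key. Please request a new reset email and try again.', 'membership2'));
            }
        } else {
            // If the user provided a new password, then check it now.
            if ($pass1 && $pass1 != $pass2) {
                $pass1 = false;
                $err_msg->add('password_reset_mismatch', __('The passwords do not match, try again.', 'membership2'));
            }
        }

        if ($fatal_error && count($err_msg->errors)) {
            // esc_url() because the value is printed inside an HTML attribute.
            $url = esc_url(add_query_arg(array('show' => 'lostpass'), remove_query_arg(array('action', 'key', 'login'))));
            $Reset_Result = sprintf('[ms-note type="warning"]%s[/ms-note]<a href="%s">%s</a>', $err_msg->get_error_message(), $url, __('Request a new password-reset key', 'membership2'));
        } else {
            // This action is documented in wp-login.php
            // Hooks may add errors (for example a password policy); the password is
            // only changed when none were reported, otherwise the form is shown again.
            do_action('validate_password_reset', $err_msg, $user);

            if ($pass1 && !count($err_msg->errors)) {
                reset_password($user, $_POST['pass1']);

                // All done! Show success message and link to login form
                $url = esc_url(remove_query_arg(array('action', 'key', 'login')));
                $Reset_Result = sprintf('[ms-note type="info"]%s[/ms-note]<a href="%s">%s</a>', __('Your Password has been reset.', 'membership2'), $url, __('Login with your new password', 'membership2'));
            } else {
                wp_enqueue_script('utils');
                wp_enqueue_script('user-profile');

                // Capture the template output below into a string.
                ob_start();
                if (count($err_msg->errors)) {
                    printf('[ms-note type="warning"]%s[/ms-note]', implode('<br>', $err_msg->get_error_messages()));
                }
                ?>
                <form name="resetpassform" id="resetpassform" action="" method="post" autocomplete="off" class="ms-form">
                    <input type="hidden" id="user_login" value="<?php echo esc_attr($rp_login); ?>" autocomplete="off"/>
                    <p class="user-pass1-wrap">
                        <label for="pass1"><?php _e('New password'); ?></label><br />
                        <div class="wp-pwd">
                            <span class="password-input-wrapper">
                                <input type="password" data-reveal="1" data-pw="<?php echo esc_attr(wp_generate_password(16)); ?>" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" aria-describedby="pass-strength-result" />
                            </span>
                            <div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e('Strength indicator'); ?></div>
                        </div>
                    </p>
                    <p class="user-pass2-wrap">
                        <label for="pass2"><?php _e('Confirm new password'); ?></label><br />
                        <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" />
                    </p>
                    <p class="description indicator-hint"><?php echo wp_get_password_hint(); ?></p>
                    <br class="clear"/>
                    <?php
                    // This action is documented in wp-login.php
                    do_action('resetpass_form', $user);
                    ?>
                    <p class="submit">
                        <input type="hidden" name="rp_key" value="<?php echo esc_attr($rp_key); ?>" />
                        <button type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large">
                            <?php _e('Reset Password', 'membership2'); ?>
                        </button>
                    </p>
                </form>
                <?php
                $html = ob_get_clean();
                $Reset_Result = apply_filters('ms_compact_code', $html);
            }
        }

        // Expand the [ms-note] shortcodes used in the messages above.
        $Reset_Result = do_shortcode($Reset_Result);
    }

    return $Reset_Result;
}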
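/**
 * AJAX handler: set a new password for a valid reset key / login pair.
 *
 * Reads pass_1, pass_2, key and login from the POST body, prints a JSON object
 * with the keys "reset" (bool) and "message" (string) and ends the script.
 *
 * @return void
 */
function reales_reset_pass_form()
{
    // Prints the JSON reply and stops; every exit path goes through here.
    $reply = function ($was_reset, $message) {
        echo json_encode(array('reset' => $was_reset, 'message' => $message));
        exit;
    };

    // Passwords are used exactly as submitted. They are hashed, never printed, so
    // HTML filtering protects nothing and would silently change a password that
    // contains markup-like characters, leaving the user unable to log in with it.
    $pass_1 = (isset($_POST['pass_1']) && is_string($_POST['pass_1'])) ? $_POST['pass_1'] : '';
    $pass_2 = (isset($_POST['pass_2']) && is_string($_POST['pass_2'])) ? $_POST['pass_2'] : '';

    $allowed_html = array();
    $key = isset($_POST['key']) ? wp_kses($_POST['key'], $allowed_html) : '';
    $login = isset($_POST['login']) ? wp_kses($_POST['login'], $allowed_html) : '';

    if ($pass_1 == '' || $pass_2 == '') {
        $reply(false, __('Password field empty!', 'reales'));
    }

    $user = check_password_reset_key($key, $login);

    // Invalid and expired keys get the same message; any other falsy result is rejected too.
    if (!$user || is_wp_error($user)) {
        $reply(false, __('Sorry, the link does not appear to be valid or is expired!', 'reales'));
    }

    if ($pass_1 != $pass_2) {
        $reply(false, __('The passwords do not match!', 'reales'));
    }

    reset_password($user, $pass_1);
    $reply(true, __('Your password has been reset.', 'reales'));
}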
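/**
 * Processes the request
 *
 * Callback for "template_redirect" hook in template-loader.php
 *
 * Determines the requested action, lets plugins handle it through the
 * "tml_request" / "login_form_{action}" / "tml_request_{action}" hooks and
 * otherwise runs the built-in handler for that action. Several branches
 * redirect and end the script.
 *
 * @since 6.3
 * @access public
 */
public function template_redirect()
{
    $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
    if (!$this->request_action && self::is_tml_page()) {
        $this->request_action = self::get_page_action(get_the_id());
    }
    $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;

    do_action_ref_array('tml_request', array(&$this));

    // allow plugins to override the default actions, and to add extra actions if they want
    do_action('login_form_' . $this->request_action);

    if (has_action('tml_request_' . $this->request_action)) {
        do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
    } else {
        $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];

        switch ($this->request_action) {
            case 'postpass':
                if (!array_key_exists('post_password', $_POST)) {
                    wp_safe_redirect(wp_get_referer());
                    exit;
                }
                require_once ABSPATH . 'wp-includes/class-phpass.php';
                $hasher = new PasswordHash(8, true);
                $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);

                // The referer has to be fetched before it is tested; with the variable left
                // undefined the cookie was never marked secure, even on HTTPS pages.
                $referer = wp_get_referer();
                if ($referer) {
                    $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                } else {
                    $secure = false;
                }
                setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
                wp_safe_redirect(wp_get_referer());
                exit;
                break;

            case 'logout':
                // Logging out requires the "log-out" nonce.
                check_admin_referer('log-out');
                $user = wp_get_current_user();
                wp_logout();
                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                } else {
                    $redirect_to = site_url('wp-login.php?loggedout=true');
                    $requested_redirect_to = '';
                }
                $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                // The request-supplied target only ever reaches wp_safe_redirect().
                wp_safe_redirect($redirect_to);
                exit;
                break;

            case 'lostpassword':
            case 'retrievepassword':
                if ($http_post) {
                    $this->errors = self::retrieve_password();
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                // Error codes set by a failed reset attempt (see the 'rp' branch below).
                if (isset($_REQUEST['error'])) {
                    if ('invalidkey' == $_REQUEST['error']) {
                        $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                    } elseif ('expiredkey' == $_REQUEST['error']) {
                        $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                    }
                }
                do_action('lost_password');
                break;

            case 'resetpass':
            case 'rp':
                // Dirty hack for now
                global $rp_login, $rp_key;

                // Path part of the request URI; used as the cookie path.
                list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                $rp_cookie = 'wp-resetpass-' . COOKIEHASH;

                // Key arrives in the query string: move "login:key" into an httponly cookie
                // and redirect to the same URL without key and login.
                // NOTE(review): $_GET['login'] is read without an isset() check.
                if (isset($_GET['key'])) {
                    $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
                    setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    wp_safe_redirect(remove_query_arg(array('key', 'login')));
                    exit;
                }

                if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                    list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                    $user = check_password_reset_key($rp_key, $rp_login);
                    // A submitted form must repeat the cookie key (timing-safe comparison).
                    // NOTE(review): $_POST['rp_key'] is read without an isset() check.
                    if (isset($_POST['pass1']) && !hash_equals($rp_key, $_POST['rp_key'])) {
                        $user = false;
                    }
                } else {
                    $user = false;
                }

                // Failure: expire the cookie and go back to the lost-password screen.
                if (!$user || is_wp_error($user)) {
                    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    if ($user && $user->get_error_code() === 'expired_key') {
                        wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                    } else {
                        wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                    }
                    exit;
                }

                if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                    $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                }

                do_action('validate_password_reset', $this->errors, $user);

                // Change the password only when no check reported an error, then drop the cookie.
                if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                    reset_password($user, $_POST['pass1']);
                    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    $redirect_to = site_url('wp-login.php?resetpass=complete');
                    wp_safe_redirect($redirect_to);
                    exit;
                }

                wp_enqueue_script('utils');
                wp_enqueue_script('user-profile');
                break;

            case 'register':
                if (!get_option('users_can_register')) {
                    $redirect_to = site_url('wp-login.php?registration=disabled');
                    wp_redirect($redirect_to);
                    exit;
                }

                $user_login = '';
                $user_email = '';
                if ($http_post) {
                    // With the "email" login type the e-mail address doubles as the login.
                    if ('email' == $this->get_option('login_type')) {
                        $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                    } else {
                        $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                    }
                    $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';

                    $this->errors = register_new_user($user_login, $user_email);
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                break;

            case 'login':
            default:
                $secure_cookie = '';
                $interim_login = isset($_REQUEST['interim-login']);

                // If the user wants ssl but the session is not ssl, force a secure cookie.
                if (!empty($_POST['log']) && !force_ssl_admin()) {
                    $user_name = sanitize_user($_POST['log']);
                    if ($user = get_user_by('login', $user_name)) {
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }
                    }
                }

                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $_REQUEST['redirect_to'];
                    // Redirect to https if user wants ssl
                    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                    }
                } else {
                    $redirect_to = admin_url();
                }

                $reauth = empty($_REQUEST['reauth']) ? false : true;

                if ($http_post && isset($_POST['log'])) {
                    $user = wp_signon('', $secure_cookie);

                    $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);

                    if (!is_wp_error($user) && !$reauth) {
                        if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                            // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                            if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                $redirect_to = user_admin_url();
                            } elseif (is_multisite() && !$user->has_cap('read')) {
                                $redirect_to = get_dashboard_url($user->ID);
                            } elseif (!$user->has_cap('edit_posts')) {
                                $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                            }
                        }
                        // The request-supplied target only ever reaches wp_safe_redirect().
                        wp_safe_redirect($redirect_to);
                        exit;
                    }

                    $this->errors = $user;
                }

                // Clear errors if loggedout is set.
                if (!empty($_GET['loggedout']) || $reauth) {
                    $this->errors = new WP_Error();
                }

                // Some parts of this script use the main login form to display a message
                if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                    $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                    $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                    $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                    $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                    $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                } elseif ($interim_login) {
                    $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                } elseif (strpos($redirect_to, 'about.php?updated')) {
                    $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                } elseif ($reauth) {
                    $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                }

                // Clear any stale cookies.
                if ($reauth) {
                    wp_clear_auth_cookie();
                }
                break;
        } // end switch
    } // endif has_filter()
}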
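/**
 * Returns HTML partial that contains password-reset form.
 * Based on WordPress core code from wp-login.php
 *
 * Returns an error paragraph with a link to request a new key when the
 * key / login pair from the query string is rejected, a confirmation text
 * once the password was changed, and the form itself otherwise.
 *
 * @since  1.0.0
 *
 * @return string
 */
private function reset_form()
{
    // Everything printed from here on is captured; each return path below
    // closes this buffer again.
    ob_start();

    // presumably makes sure these request keys exist before they are read - confirm in lib2
    lib2()->array->equip_get('login', 'key');
    $rp_login = wp_unslash($_GET['login']);
    $rp_key = wp_unslash($_GET['key']);
    $err_msg = new WP_Error();

    // Get the user object and validate the key.
    if ($rp_login && $rp_key) {
        $user = check_password_reset_key($rp_key, $rp_login);
    } else {
        $user = false;
    }

    lib2()->array->strip_slashes($_POST, 'pass1', 'pass2');

    // If the user was not found then return an error message.
    if (!$user || is_wp_error($user)) {
        if ($user && 'expired_key' == $user->get_error_code()) {
            $err_msg->add('password_expired_key', __('The password-reset key is already expired.', MS_TEXT_DOMAIN));
        } else {
            $err_msg->add('password_invalid_key', __('The password-reset key is invalid or missing.', MS_TEXT_DOMAIN));
        }

        // Leaving without closing the buffer would keep it open for the rest of the request.
        ob_end_clean();

        // esc_url() because the value is printed inside an HTML attribute.
        $url = esc_url(remove_query_arg(array('action', 'key', 'login')));

        // The message text is passed, not the WP_Error object (which cannot be cast to string).
        return sprintf('<p>%s</p><p><a href="%s">%s</a></p>', $err_msg->get_error_message(), $url, __('Request a new password-reset key', MS_TEXT_DOMAIN));
    }

    // If the user provided a new password, then check it now.
    if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
        $err_msg->add('password_reset_mismatch', __('The passwords do not match.', MS_TEXT_DOMAIN));
    }

    // This action is documented in wp-login.php
    do_action('validate_password_reset', $err_msg, $user);

    // Change the password only when no check (including hooked ones) reported an error.
    if (!count($err_msg->errors) && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
        reset_password($user, $_POST['pass1']);
        ob_end_clean();

        // All done!
        return __('Your Password has been reset.', MS_TEXT_DOMAIN);
    }

    wp_enqueue_script('utils');
    wp_enqueue_script('user-profile');

    if (count($err_msg->errors)) {
        echo '<p class="error">' . implode('<br/>', $err_msg->get_error_messages()) . '</p>';
    }
    ?>
    <form name="resetpassform" id="resetpassform" action="" method="post" autocomplete="off">
        <input type="hidden" id="user_login" value="<?php echo esc_attr($rp_login); ?>" autocomplete="off"/>
        <p>
            <label for="pass1"><?php _e('New password', MS_TEXT_DOMAIN); ?><br/>
            <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off"/></label>
        </p>
        <p>
            <label for="pass2"><?php _e('Confirm new password', MS_TEXT_DOMAIN); ?><br/>
            <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off"/></label>
        </p>
        <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator', MS_TEXT_DOMAIN); ?></div>
        <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ & ).', MS_TEXT_DOMAIN); ?></p>
        <br class="clear"/>
        <?php
        // This action is documented in wp-login.php
        do_action('resetpass_form', $user);
        ?>
        <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>"/></p>
    </form>
    <?php
    $html = ob_get_clean();
    $html = apply_filters('ms_compact_code', $html);

    return $html;
}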
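/**
 * Checks the submitted passwords and the reset key, updates the password and
 * clears the activation key. Fills $page['errors'] and $page['infos'].
 *
 * Reads use_new_pwd / passwordConf from the POST body and key from the query
 * string.
 *
 * @return bool (true if password was reset, false otherwise)
 */
function reset_password()
{
    global $page, $conf;

    $new_password = isset($_POST['use_new_pwd']) ? $_POST['use_new_pwd'] : null;
    $confirmation = isset($_POST['passwordConf']) ? $_POST['passwordConf'] : null;

    if ($new_password != $confirmation) {
        $page['errors'][] = l10n('The passwords do not match');
        return false;
    }
    // NOTE(review): two empty (or missing) fields compare equal, so an empty new
    // password is not rejected here - confirm whether the form or the hash
    // function guards against it.

    // Stop here: without the return the missing key was still passed on to the check.
    if (!isset($_GET['key'])) {
        $page['errors'][] = l10n('Invalid key');
        return false;
    }

    $user_id = check_password_reset_key($_GET['key']);

    // Anything but a numeric id means the key was not accepted.
    if (!is_numeric($user_id)) {
        return false;
    }

    // Store the new password using the configured hash function.
    single_update(
        USERS_TABLE,
        array($conf['user_fields']['password'] => $conf['password_hash']($new_password)),
        array($conf['user_fields']['id'] => $user_id)
    );

    // Clear the key so the same reset link cannot be used a second time.
    single_update(
        USER_INFOS_TABLE,
        array('activation_key' => null, 'activation_key_expire' => null),
        array('user_id' => $user_id)
    );

    $page['infos'][] = l10n('Your password has been reset');
    $page['infos'][] = '<a href="' . get_root_url() . 'identification.php">' . l10n('Login') . '</a>';

    return true;
}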
/**
 * Look up the user behind the password reset cookie.
 *
 * @param string $rp_cookie Password reset cookie name
 * @since 2.3
 * @return WP_User|false User object when the cookie holds a "login:key" pair
 *                       that check_password_reset_key() accepts, false otherwise
 */
function rcp_get_user_resetting_password( $rp_cookie ) {
	if ( ! isset( $_COOKIE[ $rp_cookie ] ) ) {
		return false;
	}

	// The separator must exist and must not be the first character (empty login).
	$separator_at = strpos( $_COOKIE[ $rp_cookie ], ':' );
	if ( ! ( 0 < $separator_at ) ) {
		return false;
	}

	// Split once only: everything after the first colon is the key.
	$pair     = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
	$rp_login = $pair[0];
	$rp_key   = $pair[1];

	$candidate = check_password_reset_key( $rp_key, $rp_login );

	// Callers only ever see a user object or false, never an error object.
	return is_wp_error( $candidate ) ? false : $candidate;
}
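/**
 * Resets the user's password if the password reset form was submitted.
 *
 * Only acts on POST requests. The key / login pair is validated first; a
 * rejected pair redirects to the login page with an error flag. Form errors
 * redirect back to the reset page. Every POST path ends the script.
 *
 * @return void
 */
public function sas_do_password_reset()
{
    if ('POST' != $_SERVER['REQUEST_METHOD']) {
        return;
    }

    // Missing fields are treated as an empty (hence invalid) key / login.
    $rp_key = isset($_REQUEST['rp_key']) ? $_REQUEST['rp_key'] : '';
    $rp_login = isset($_REQUEST['rp_login']) ? $_REQUEST['rp_login'] : '';

    $user = check_password_reset_key($rp_key, $rp_login);

    if (!$user || is_wp_error($user)) {
        if ($user && $user->get_error_code() === 'expired_key') {
            wp_redirect(home_url('sas-login?login=expiredkey'));
        } else {
            wp_redirect(home_url('sas-login?login=invalidkey'));
        }
        exit;
    }

    if (!isset($_POST['pass1'])) {
        echo "Invalid request.";
        exit;
    }

    $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';

    // Same order as before: a mismatch is reported ahead of an empty password.
    $error_code = '';
    if ($_POST['pass1'] != $pass2) {
        $error_code = 'password_reset_mismatch';
    } elseif (empty($_POST['pass1'])) {
        $error_code = 'password_reset_empty';
    }

    if ('' !== $error_code) {
        // add_query_arg() does not encode values, so a login containing a space or
        // "&" would otherwise produce a broken or ambiguous URL.
        // NOTE(review): this puts the reset key back into the address bar; carrying
        // it in an httponly cookie instead would keep it out of URLs.
        $redirect_url = add_query_arg(
            array(
                'key' => rawurlencode($rp_key),
                'login' => rawurlencode($rp_login),
                'error' => $error_code,
            ),
            home_url('sas-password-reset')
        );
        wp_redirect($redirect_url);
        exit;
    }

    // Parameter checks OK, reset password
    reset_password($user, $_POST['pass1']);
    wp_redirect(home_url('sas-login?password=changed'));
    exit;
}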
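/**
 * Front-end replacement for the wp-login.php action switch.
 *
 * Dispatches on $_GET['action'] (default "login") and prints the matching
 * form: lost password, reset password or login. The logout branch and the
 * completed reset end the script.
 *
 * NOTE(review): two expressions were unreadable in the listing this function
 * was taken from and have been restored from context: the "&login=" part of
 * the reset form action and the first error code compared in the login
 * branch ('incorrect_password', as in wp-login.php). Verify both against the
 * plugin's source.
 *
 * @return void
 */
function simplr_login_switch()
{
    $options = get_option('simplr_reg_options');
    if (!isset($_GET['action'])) {
        $_GET['action'] = 'login';
    }
    $action = $_GET['action'];
    global $errors;

    switch ($action) {
        case 'logout':
            // Logging out requires the "log-out" nonce.
            check_admin_referer('log-out');
            wp_logout();
            $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
            wp_safe_redirect($redirect_to);
            exit;
            break;

        case 'lostpassword':
        case 'retrievepassword':
            ?>
            <form name="lostpasswordform" id="lostpasswordform" action="<?php echo get_permalink($options->login_redirect); ?>?action=lostpassword" method="post">
                <p>
                    <label><?php _e('Username or E-mail:', 'simplr-registration-form'); ?><br />
                    <input type="text" name="user_login" id="user_login" class="input" value="" size="20" tabindex="10" /></label>
                </p>
                <?php do_action('lostpassword_form'); ?>
                <input type="hidden" name="redirect_to" value="<?php echo esc_attr(@$redirect_to); ?>" />
                <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password', 'simplr-registration-form'); ?>" tabindex="100" /></p>
            </form>
            <p id="nav">
                <a href="<?php echo site_url('wp-login.php', 'login'); ?>"><?php _e('Log in', 'simplr-registration-form'); ?></a>
                <?php if (get_option('users_can_register')) { ?>
                    | <a href="<?php echo site_url('wp-login.php?action=register', 'login'); ?>"><?php _e('Register', 'simplr-registration-form'); ?></a>
                <?php } ?>
            </p>
            <?php
            login_footer('user_login');
            break;

        case 'resetpass':
        case 'rp':
            // Missing parameters are treated as an empty (hence invalid) key / login.
            $rp_key = isset($_GET['key']) ? $_GET['key'] : '';
            $rp_login = isset($_GET['login']) ? $_GET['login'] : '';

            $user = check_password_reset_key($rp_key, $rp_login);
            if (!$user || is_wp_error($user)) {
                wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                exit;
            }

            $errors = '';
            if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.', 'simplr-registration-form'));
            } elseif (isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                reset_password($user, $_POST['pass1']);
                login_header(__('Password Reset', 'simplr-registration-form'), '<p class="message reset-pass">' . __('Your password has been reset.', 'simplr-registration-form') . ' <a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in', 'simplr-registration-form') . '</a></p>');
                login_footer();
                exit;
            }

            wp_enqueue_script('utils');
            wp_enqueue_script('user-profile');
            login_header(__('Reset Password', 'simplr-registration-form'), '<p class="message reset-pass">' . __('Enter your new password below.', 'simplr-registration-form') . '</p>', $errors);
            ?>
            <form name="resetpassform" id="resetpassform" action="<?php echo get_permalink($options->login_redirect) . '?action=resetpass&key=' . urlencode($rp_key) . '&login=' . urlencode($rp_login); ?>" method="post">
                <input type="hidden" id="user_login" value="<?php echo esc_attr($rp_login); ?>" autocomplete="off" />
                <p>
                    <label><?php _e('New password', 'simplr-registration-form'); ?><br />
                    <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label>
                </p>
                <p>
                    <label><?php _e('Confirm new password', 'simplr-registration-form'); ?><br />
                    <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label>
                </p>
                <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator', 'simplr-registration-form'); ?></div>
                <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).', 'simplr-registration-form'); ?></p>
                <br class="clear" />
                <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Reset Password', 'simplr-registration-form'); ?>" tabindex="100" /></p>
            </form>
            <p id="nav">
                <a href="<?php echo site_url('wp-login.php', 'login'); ?>"><?php _e('Log in', 'simplr-registration-form'); ?></a>
                <?php if (get_option('users_can_register')) { ?>
                    | <a href="<?php echo site_url('wp-login.php?action=register', 'login'); ?>"><?php _e('Register', 'simplr-registration-form'); ?></a>
                <?php } ?>
            </p>
            <?php
            login_footer('user_pass');
            break;

        case 'login':
        default:
            $redirect_to = !isset($redirect_to) ? apply_filters('simplr_login_redirect', home_url(), $action) : $redirect_to;

            // $errors is a global that may hold something other than an error object
            // (the reset branch above sets it to ''), so the code is read once, safely.
            $error_code = is_wp_error($errors) ? $errors->get_error_code() : '';

            if (isset($_POST['log'])) {
                // Keep the typed user name only when the password was the problem.
                $user_login = 'incorrect_password' == $error_code || 'empty_password' == $error_code ? esc_attr(stripslashes($_POST['log'])) : '';
            }
            $rememberme = !empty($_POST['rememberme']);
            ?>
            <?php
            // Any action value that matches no case above lands in this branch, so
            // $action is request-controlled text: encode and escape it before printing.
            ?>
            <form name="loginform" id="loginform" action="<?php echo get_permalink($options->login_redirect); ?>?action=<?php echo esc_attr(urlencode($action)); ?>" method="post">
                <p>
                    <label><?php _e('Username', 'simplr-registration-form'); ?><br />
                    <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr(@$user_login); ?>" size="20" tabindex="10" /></label>
                </p>
                <p>
                    <label><?php _e('Password', 'simplr-registration-form'); ?><br />
                    <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
                </p>
                <?php do_action('login_form'); ?>
                <p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90"<?php checked($rememberme); ?> /> <?php esc_attr_e('Remember Me', 'simplr-registration-form'); ?></label></p>
                <p class="submit">
                    <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In', 'simplr-registration-form'); ?>" tabindex="100" />
                    <?php if (isset($interim_login)) { ?>
                        <input type="hidden" name="interim-login" value="1" />
                    <?php } else { ?>
                        <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
                    <?php } ?>
                    <input type="hidden" name="testcookie" value="1" />
                </p>
            </form>
            <?php if (!isset($interim_login)) { ?>
                <p id="nav">
                    <?php if (isset($_GET['checkemail']) && in_array($_GET['checkemail'], array('confirm', 'newpass'))) { ?>
                    <?php } elseif (get_option('users_can_register')) { ?>
                        <a href="<?php echo site_url('wp-login.php?action=register', 'login'); ?>"><?php _e('Register', 'simplr-registration-form'); ?></a> |
                        <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login'); ?>" title="<?php _e('Password Lost and Found', 'simplr-registration-form'); ?>"><?php _e('Lost your password?', 'simplr-registration-form'); ?></a>
                    <?php } else { ?>
                        <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login'); ?>" title="<?php _e('Password Lost and Found', 'simplr-registration-form'); ?>"><?php _e('Lost your password?', 'simplr-registration-form'); ?></a>
                    <?php } ?>
                </p>
            <?php } ?>
            <script type="text/javascript">
            function wp_attempt_focus(){
                setTimeout( function(){ try{
                <?php if (isset($user_login) || isset($interim_login)) { ?>
                    d = document.getElementById('user_pass');
                    d.value = '';
                <?php } else { ?>
                    d = document.getElementById('user_login');
                    <?php if ('invalid_username' == $error_code) { ?>
                        if( d.value != '' ) d.value = '';
                    <?php } ?>
                <?php } ?>
                d.focus();
                d.select();
                } catch(e){}
                }, 200);
            }
            <?php
            // NOTE(review): $error is never assigned in this function, so this condition
            // is always true; wp-login.php uses a global of that name - confirm intent.
            if (empty($error)) { ?>
                wp_attempt_focus();
            <?php } ?>
            if(typeof wpOnload=='function') wpOnload();
            </script>
            <?php
            login_footer();
            break;
    } // end action switch
}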
?> "><?php _e('Register'); ?> </a> <?php } ?> </p> <?php
        login_footer('user_login');
        break;

    // Password reset: key and login are taken straight from the query string.
    case 'resetpass':
    case 'rp':
        // NOTE(review): both parameters are read without isset() checks, and the key stays
        // in the URL for every request of this flow.
        $user = check_password_reset_key($_GET['key'], $_GET['login']);

        // Only an error object is treated as failure here; every failure is reported
        // as "invalidkey".
        if (is_wp_error($user)) {
            wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
            exit;
        }

        $errors = new WP_Error();

        if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
            $errors->add('password_reset_mismatch', __('The passwords do not match.'));
        }

        // Hooked checks receive $errors and $user before any password change happens.
        do_action('validate_password_reset', $errors, $user);

        // The password is changed only when no error code is set and pass1 is non-empty.
        if (!$errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
            reset_password($user, $_POST['pass1']);
            login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in') . '</a></p>');
            login_footer();
            exit;
        }
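/**
 * Validate a password-reset key/login pair and publish the result in the
 * global $gf_reset_user.
 *
 * Flow, mirroring the reset handling in wp-login.php:
 *  1. When the link is opened with ?key=…&login=…&method=gf, the pair is moved
 *     into an HttpOnly cookie scoped to the current path and the browser is
 *     redirected to the same URL without those arguments, so the key does not
 *     stay in the address bar, history or Referer header.
 *  2. On the follow-up request the cookie is split into login and key and
 *     handed to check_password_reset_key().
 *  3. When a new password is being posted, the hidden rp_key field must equal
 *     the cookie key (constant-time comparison); otherwise the request is
 *     treated as invalid.
 *  4. On any failure the cookie is expired.
 *
 * $gf_reset_user ends up as whatever check_password_reset_key() returned
 * (a user object or a WP_Error), or false when no usable cookie was present
 * or the posted key did not match.
 *
 * @return void
 */
function wp_doin_verify_user_key()
{
    global $gf_reset_user;

    // Same cookie name and path scoping that wp-login.php uses.
    list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
    $rp_cookie = 'wp-resetpass-' . COOKIEHASH;

    // Redirect on the first hit so the key is not left in the URL.
    if (isset($_GET['key']) && isset($_GET['method']) && 'gf' === $_GET['method']) {
        // Request values are untrusted: accept plain strings only. A missing or
        // array-valued login/key becomes '', which later fails validation.
        $get_login = isset($_GET['login']) && is_string($_GET['login']) ? $_GET['login'] : '';
        $get_key = is_string($_GET['key']) ? $_GET['key'] : '';

        $value = sprintf('%s:%s', wp_unslash($get_login), wp_unslash($get_key));
        setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
        wp_safe_redirect(remove_query_arg(array('key', 'login', 'method')));
        exit;
    }

    // Compare the validation cookie with the key stored for the user; on a
    // match check_password_reset_key() returns the user data.
    $user = false;
    if (isset($_COOKIE[$rp_cookie])
        && is_string($_COOKIE[$rp_cookie])
        && 0 < strpos($_COOKIE[$rp_cookie], ':')
    ) {
        list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
        $user = check_password_reset_key($rp_key, $rp_login);

        if (isset($_POST['pass1'])) {
            // hash_equals() requires two strings; a missing or array-valued
            // rp_key must fail the check instead of raising a TypeError.
            $posted_key = isset($_POST['rp_key']) && is_string($_POST['rp_key']) ? $_POST['rp_key'] : '';
            if (!hash_equals($rp_key, $posted_key)) {
                $user = false;
            }
        }
    }

    // If anything went wrong, make sure the validation cookie is removed.
    if (!$user || is_wp_error($user)) {
        setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
    }

    // Keep the result available for later reference.
    $gf_reset_user = $user;
}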
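/**
 * Build the markup for the Pie Register login box.
 *
 * Besides the plain login form this function reacts to several request
 * states selected through $_GET: payment result notices, logout / recovery
 * notices, account activation through the e-mailed hash, and the password
 * reset ("rp" / "resetpass") form, including the password change itself
 * when the form is posted.
 *
 * Security-relevant behaviour:
 *  - Values read from $_GET / $_POST are untrusted. Only strings are
 *    accepted, and anything written back into the page is escaped
 *    (esc_attr) or filtered (wp_kses_post).
 *  - A password is changed only after check_password_reset_key() accepted
 *    the key/login pair.
 *  - An empty activation key is never looked up.
 *  - The minimum password length enforced matches the message shown (8).
 *
 * @param bool $piereg_widget True when rendered for the widget; decides which
 *                            "captcha already rendered" flag is consulted and
 *                            is passed on to login_form_captcha().
 *
 * @return string HTML for the notices plus the login or new-password form.
 */
function pieOutputLoginForm($piereg_widget = false)
{
    global $wp_session, $errors;
    global $piereg_math_captcha_login, $piereg_math_captcha_login_widget;

    $users_can_register = get_option("users_can_register");
    $option = get_option("pie_register_2");
    $form_data = '<div class="piereg_container"> <div class="piereg_login_container"> <div class="piereg_login_wrapper">';

    // 1 = the new-password form must not be shown (bad key, or reset done).
    $newpasspageLock = 0;
    $login_error = '';
    $login_success = '';
    $login_warning = '';

    // Normalise the request values used below; arrays and missing values become ''.
    $action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';
    $payment = isset($_GET['payment']) && is_string($_GET['payment']) ? $_GET['payment'] : '';
    $rp_key = isset($_GET['key']) && is_string($_GET['key']) ? $_GET['key'] : '';
    $rp_login = isset($_GET['login']) && is_string($_GET['login']) ? $_GET['login'] : '';

    if ($payment === "success") {
        // NOTE(review): get_option() already unserializes stored values, so
        // maybe_unserialize() here is a second pass over site-stored data;
        // confirm the option is never writable by untrusted users.
        $fields = maybe_unserialize(get_option("pie_fields"));
        $login_success = apply_filters("piereg_success_message", __($fields['submit']['message'], "piereg"));
        unset($fields);
    } elseif ($payment === "cancel") {
        // A payment-failed notification e-mail used to be sent here; that code
        // was already disabled (commented out) and has been dropped.
        $login_error = apply_filters("piereg_cancled_message", __("You canceled your payment.", "piereg"));
    }

    if (isset($errors->errors['login-error'][0])) {
        // A login error reported by the registration/login processing wins
        // over any action-specific notice.
        $login_error = apply_filters("piereg_login_error", __($errors->errors['login-error'][0], "piereg"));
    } elseif ('loggedout' === $action) {
        $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . apply_filters("piereg_now_logout", __("You are now logged out.", "piereg"));
    } elseif ('recovered' === $action) {
        $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_check_yor_emailconfrm_link", __("Check your e-mail for the confirmation link.", "piereg"));
    } elseif ('payment_cancel' === $action) {
        $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . apply_filters("piereg_canelled_your_registration", __("You have canelled your registration.", "piereg"));
    } elseif ('payment_success' === $action) {
        $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_thank_you_for_registration", __("Thank you for your registration. You will receieve your login credentials soon.", "piereg"));
    } elseif ('activate' === $action) {
        $activation_key = isset($_GET['activation_key']) && is_string($_GET['activation_key']) ? $_GET['activation_key'] : '';
        $activation_id = isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '';

        // The stored hash is reset to '' once an account is activated (see
        // below), so an empty key must never be used as a lookup value.
        $unverified = '' !== $activation_key
            ? get_users(array('meta_key' => 'hash', 'meta_value' => $activation_key))
            : array();

        if (sizeof($unverified) == 1) {
            $user_id = $unverified[0]->ID;
            $user_login = $unverified[0]->user_login;
            $user_email = $unverified[0]->user_email;

            // Strict comparison: loose == treats numeric-looking strings as numbers.
            if ($user_login === $activation_id) {
                update_user_meta($user_id, 'active', 1);
                $hash = "";
                update_user_meta($user_id, 'hash', $hash);

                // Thank-you e-mail, built from the plugin options.
                $form = new Registration_form();
                $subject = html_entity_decode($option['user_subject_email_email_thankyou'], ENT_COMPAT, "UTF-8");
                if ($option['user_formate_email_email_thankyou'] == "0") {
                    $message_temp = nl2br(strip_tags($option['user_message_email_email_thankyou']));
                } else {
                    $message_temp = $option['user_message_email_email_thankyou'];
                }
                $message = $form->filterEmail($message_temp, $user_email);
                $from_name = $option['user_from_name_email_thankyou'];
                $from_email = $option['user_from_email_email_thankyou'];
                $reply_email = $option['user_to_email_email_thankyou'];

                $headers = 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
                if (!empty($from_email) && filter_var($from_email, FILTER_VALIDATE_EMAIL)) { // validate From
                    $headers .= "From: " . $from_name . " <" . $from_email . "> \r\n";
                }
                if ($reply_email) {
                    $headers .= "Reply-To: {$reply_email}\r\n";
                    // NOTE(review): Return-Path is given the sender *name* here,
                    // not an address - looks unintended; confirm before changing.
                    $headers .= "Return-Path: {$from_name}\r\n";
                } else {
                    $headers .= "Reply-To: {$from_email}\r\n";
                    $headers .= "Return-Path: {$from_email}\r\n";
                }
                wp_mail($user_email, $subject, $message, $headers);

                $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_your_account_is_now_active", __("Your account is now active", "piereg"));
            } else {
                $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_activation_key", __("Invalid activation key", "piereg"));
            }
        } else {
            // No unique match for the key: report the state of the named account.
            // NOTE(review): get_userdatabylogin() is deprecated in WordPress in
            // favour of get_user_by('login', ...); kept to preserve behaviour.
            $user_name = esc_sql($activation_id);
            $user = get_userdatabylogin($user_name);
            if ($user) {
                $user_meta = get_user_meta($user->ID, 'active');
                if (isset($user_meta[0]) && $user_meta[0] == 1) {
                    $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . apply_filters("piereg_canelled_your_registration", __("You are already activate", "piereg"));
                    unset($user_meta);
                    unset($user_name);
                    unset($user);
                } else {
                    $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_activation_key", __("Invalid activation key", "piereg"));
                }
            } else {
                $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_activation_key", __("You are block", "piereg"));
            }
        }
    } elseif ('resetpass' === $action || 'rp' === $action) {
        $user = check_password_reset_key($rp_key, $rp_login);
        $key_is_valid = !is_wp_error($user);

        if (!$key_is_valid) {
            $lost_password_link = ' <a href="' . pie_lostpassword_url() . '" title="' . __("Password Lost and Found", "piereg") . '">' . __("Lost your password?", "piereg") . '</a>';
            if ($user->get_error_code() === 'expired_key') {
                $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_you_key_has_been_expired", __("You key has been expired, please reset password again!", "piereg") . $lost_password_link);
            } else {
                $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_this_reset_key_invalid_or_no_longer_exists", __("This Reset key is invalid or no longer exists. Please reset password again!", "piereg") . $lost_password_link);
            }
            $newpasspageLock = 1;
        } else {
            $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . __('Enter your new password below.', "piereg");
        }

        // Process a posted password only for a key that validated. Without this
        // guard a rejected key still reached reset_password() with the WP_Error
        // object and the page reported success.
        if ($key_is_valid && isset($_POST['pass1'])) {
            $errors = new WP_Error();
            $pass1 = is_string($_POST['pass1']) ? $_POST['pass1'] : '';
            $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';

            if (trim($pass1) == "") {
                $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_password", __('Invalid Password', "piereg"));
                $errors->add('password_reset_mismatch', $login_error);
            } elseif (strlen($pass1) < 8) {
                // Was "< 7", which let 7-character passwords through although
                // the message (and filter name) promise a minimum of 8.
                $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_minimum_8_characters_required_in_password", __('Minimum 8 characters required in password', "piereg"));
                $errors->add('password_reset_mismatch', $login_error);
            } elseif ($pass1 !== $pass2) {
                // Strict comparison: with != two different numeric-looking
                // strings (e.g. "1e3" and "1000") compare as equal.
                $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_the_passwords_do_not_match", __('The passwords do not match', "piereg"));
                $errors->add('password_reset_mismatch', $login_error);
            }

            do_action('validate_password_reset', $errors, $user);

            if (!$errors->get_error_code() && !empty($pass1)) {
                reset_password($user, $pass1);
                $newpasspageLock = 1;
                $login_warning = '';
                $login_error = '';
                $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_your_password_has_been_reset", __('Your password has been reset.', "piereg"));
            }
        }
    }

    // One-shot message carried in the session.
    if (isset($wp_session['message']) && trim($wp_session['message']) != "") {
        $form_data .= '<p class="piereg_login_error"> ' . apply_filters('piereg_messages', __($wp_session['message'], "piereg")) . "</p>";
        $wp_session['message'] = "";
    }
    if (!empty($login_error)) {
        $form_data .= '<p class="piereg_login_error"> ' . apply_filters('piereg_messages', $login_error) . "</p>\n";
    }
    if (!empty($login_success)) {
        $form_data .= '<p class="piereg_message">' . apply_filters('piereg_messages', $login_success) . "</p>\n";
    }
    if (!empty($login_warning)) {
        $form_data .= '<p class="piereg_warning">' . apply_filters('piereg_messages', $login_warning) . "</p>\n";
    }

    // $_POST['success'] / $_POST['error'] can be supplied by the client, so they
    // are passed through wp_kses_post(): simple markup survives, script does not.
    if (isset($_POST['success']) && is_string($_POST['success']) && $_POST['success'] != "") {
        $form_data .= '<p class="piereg_message">' . apply_filters('piereg_messages', wp_kses_post(__($_POST['success'], "piereg"))) . '</p>';
    }
    if (isset($_POST['error']) && is_string($_POST['error']) && $_POST['error'] != "") {
        $form_data .= '<p class="piereg_login_error">' . apply_filters('piereg_messages', wp_kses_post(__($_POST['error'], "piereg"))) . '</p>';
    }

    if (('rp' === $action || 'resetpass' === $action) && $newpasspageLock == 0) {
        // New-password form; key and login travel on in the form action URL.
        $reset_action = pie_modify_custom_url(pie_login_url(), 'action=resetpass&key=' . urlencode($rp_key) . '&login=' . urlencode($rp_login));

        $form_data .= ' <form name="resetpassform" class="piereg_resetpassform" action="' . $reset_action . '" method="post" autocomplete="off">';
        $form_data .= ' <input type="hidden" id="user_login" value="' . esc_attr($rp_login) . '" autocomplete="off">';
        $form_data .= ' <div class="field"> <label for="pass1">' . __("New password", "piereg") . '</label> <input type="password" name="pass1" id="pass1" class="input validate[required]" size="20" value="" autocomplete="off"> </div>';
        $form_data .= ' <div class="field"> <label for="pass2">' . __("Confirm new password", "piereg") . '</label> <input type="password" name="pass2" id="pass2" class="input validate[required,equals[pass1]]" size="20" value="" autocomplete="off"> </div>';
        $form_data .= ' <div class="pie_submit"> <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="' . __("Reset Password", "piereg") . '"> </div>';
        $form_data .= ' <div class="field"> <div class="nav"> <a href="' . pie_login_url() . '">' . __("Log in", "piereg") . '</a>';
        if ($users_can_register == 1) {
            $form_data .= ' | <a href="' . pie_registration_url() . '">' . __("Register", "piereg") . '</a>';
        }
        $form_data .= '</div> </div> <div class="backtoblog"> <a title="' . __("Are you lost?", "piereg") . '" href="' . get_bloginfo("url") . '">← ' . __("Back to", "piereg") . ' ' . get_bloginfo("name") . '</a> </div> </form>';
    } else {
        // Regular login form.
        $form_data .= ' <form method="post" action="" class="piereg_loginform" name="loginform"> <p>';
        if (!empty($option['login_username_label'])) {
            $form_data .= '<label for="user_login">' . __($option['login_username_label'], "piereg") . '</label>';
        }

        // The submitted username is echoed back into an attribute: unslash and
        // escape it so it cannot break out of value="…".
        $user_name_val = isset($_POST['log']) && is_string($_POST['log']) && !empty($_POST['log'])
            ? esc_attr(wp_unslash($_POST['log']))
            : "";
        $username_placeholder = !empty($option['login_username_placeholder']) ? __($option['login_username_placeholder'], "piereg") : "";
        $form_data .= '<input placeholder="' . $username_placeholder . '" type="text" size="20" value="' . $user_name_val . '" class="input validate[required]" id="user_login" name="log"> </p> <p>';

        if (!empty($option['login_password_label'])) {
            $form_data .= '<label for="user_pass">' . __($option['login_password_label'], "piereg") . '</label>';
        }
        $password_placeholder = !empty($option['login_password_placeholder']) ? __($option['login_password_placeholder'], "piereg") : "";
        $form_data .= ' <input placeholder="' . $password_placeholder . '" type="password" size="20" value="" class="input validate[required]" id="user_pass" name="pwd"> </p>';

        if ($option['capthca_in_login'] != 0 && !empty($option['capthca_in_login'])) {
            // The captcha is rendered at most once for the page form and once
            // for the widget; the two globals remember that it was done.
            $captcha_for_page = $piereg_math_captcha_login == false && $piereg_widget == false;
            $captcha_for_widget = !$captcha_for_page && $piereg_math_captcha_login_widget == false && $piereg_widget == true;

            if ($captcha_for_page || $captcha_for_widget) {
                $form_data .= '<p>';
                if (!empty($option['capthca_in_login_label'])) {
                    $form_data .= '<label style="margin-top:0px;">' . $option['capthca_in_login_label'] . '</label>';
                }
                $form_data .= login_form_captcha($option['capthca_in_login'], $piereg_widget);
                $form_data .= '</p>';

                // Flags are set after rendering, as before.
                if ($captcha_for_page) {
                    $piereg_math_captcha_login = true;
                } else {
                    $piereg_math_captcha_login_widget = true;
                }
            }
        }

        $form_data .= ' <p class="forgetmenot"> <label for="rememberme"> <input type="checkbox" value="forever" id="rememberme" name="rememberme"> ' . __("Remember Me", "piereg") . ' </label> </p>';
        $form_data .= ' <p class="submit"> <input type="submit" value="' . __("Log In", "piereg") . '" class="button button-primary button-large" id="wp-submit" name="wp-submit"> <input type="hidden" value="' . admin_url() . '" name="redirect_to"> <input type="hidden" value="1" name="testcookie"> </p>';

        $form_data .= '<p id="nav">';
        if ($users_can_register == 1) {
            $form_data .= '<a href="' . pie_registration_url() . '">' . __("Register", "piereg") . '</a> <a style="cursor:default;text-decoration:none;" href="javascript:;"> | </a> ';
        }
        $form_data .= '<a title="' . __("Password Lost and Found", "piereg") . '" href="' . pie_lostpassword_url() . '">' . __("Lost your password?", "piereg") . '</a> </p>';

        // NOTE(review): $pagenow is not imported with `global` in this function,
        // so this branch does not run as written - confirm the intent before
        // enabling it. bloginfo() echoes instead of returning, so the link now
        // uses get_bloginfo().
        if (isset($pagenow) && $pagenow == 'wp-login.php') {
            $form_data .= ' <p id="backtoblog"><a title="' . __("Are you lost?", "piereg") . '" href="' . get_bloginfo("url") . '">←' . __(" Back to", "piereg") . ' ' . get_bloginfo("name") . '</a></p>';
        }
        $form_data .= ' </form>';
    }

    $form_data .= '</div> </div></div>';

    return $form_data;
}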
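/**
 * Change the user's password when the new-password form has been submitted.
 *
 * Only POST requests are handled. The rp_key / rp_login pair is verified with
 * check_password_reset_key(); an invalid or expired key redirects to the
 * member-login page with a matching ?login= code. A mismatching or empty
 * password redirects back to the reset page with an ?error= code. On success
 * the password is stored and the user is sent to member-login?password=changed.
 * Every POST path ends the request with exit.
 *
 * @return void
 */
public function do_password_reset()
{
    if ('POST' !== $_SERVER['REQUEST_METHOD']) {
        return;
    }

    // Request values are untrusted: accept plain strings only, so missing or
    // array-valued parameters fail validation instead of raising notices.
    $rp_key = isset($_REQUEST['rp_key']) && is_string($_REQUEST['rp_key']) ? $_REQUEST['rp_key'] : '';
    $rp_login = isset($_REQUEST['rp_login']) && is_string($_REQUEST['rp_login']) ? $_REQUEST['rp_login'] : '';

    $user = check_password_reset_key($rp_key, $rp_login);
    if (!$user || is_wp_error($user)) {
        if ($user && $user->get_error_code() === 'expired_key') {
            wp_redirect(home_url('member-login?login=expiredkey'));
        } else {
            wp_redirect(home_url('member-login?login=invalidkey'));
        }
        exit;
    }

    if (!isset($_POST['pass1'])) {
        // Message text: "Invalid request."
        echo "Недопустимый запрос.";
        exit;
    }

    $pass1 = is_string($_POST['pass1']) ? $_POST['pass1'] : '';
    $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';

    $error_code = '';
    if ($pass1 !== $pass2) {
        // Passwords do not match. Strict comparison: with != two different
        // numeric-looking strings (e.g. "1e3" and "1000") compare as equal.
        $error_code = 'password_reset_mismatch';
    } elseif (empty($pass1)) {
        // Password is empty.
        $error_code = 'password_reset_empty';
    }

    if ('' !== $error_code) {
        // add_query_arg() does not encode values, so encode them here.
        // NOTE(review): the reset key is sent back in the URL, where it can end
        // up in browser history, server logs and Referer headers; handing it
        // over in an HttpOnly cookie, as wp-login.php does, avoids that.
        $redirect_url = add_query_arg(
            array(
                'key' => rawurlencode($rp_key),
                'login' => rawurlencode($rp_login),
                'error' => $error_code,
            ),
            home_url('member-password-reset')
        );
        wp_redirect($redirect_url);
        exit;
    }

    // Parameters are fine: store the new password.
    reset_password($user, $pass1);
    wp_redirect(home_url('member-login?password=changed'));
    exit;
}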
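/**
 * Resets the user's password if the password reset form was submitted.
 *
 * Acts only when reset_password, reset_key and reset_login are all present in
 * the request. The key/login pair is verified with check_password_reset_key();
 * on failure the user is redirected to the reset page with ?login=expiredkey
 * or ?login=invalidkey. Missing, mismatching or empty passwords redirect back
 * with an ?error= code. On success the password is stored and the user is
 * redirected with ?password=changed. Every handled path ends with exit.
 *
 * @return void
 */
public static function do_password_reset()
{
    if (!isset($_REQUEST['reset_password']) || !isset($_REQUEST['reset_key']) || !isset($_REQUEST['reset_login'])) {
        return;
    }

    // Request values are untrusted: array-valued parameters are treated as
    // empty so they fail validation instead of reaching string functions.
    $reset_key = is_string($_REQUEST['reset_key']) ? $_REQUEST['reset_key'] : '';
    $reset_login = is_string($_REQUEST['reset_login']) ? $_REQUEST['reset_login'] : '';

    $user = check_password_reset_key($reset_key, $reset_login);
    if (is_wp_error($user)) {
        if ($user->get_error_code() === 'expired_key') {
            wp_redirect(pp_password_reset_url() . '?login=expiredkey');
        } else {
            wp_redirect(pp_password_reset_url() . '?login=invalidkey');
        }
        exit;
    }

    $error_code = '';
    if (!isset($_POST['password1']) || !isset($_POST['password2'])) {
        $error_code = 'invalid';
    } else {
        $password1 = is_string($_POST['password1']) ? $_POST['password1'] : '';
        $password2 = is_string($_POST['password2']) ? $_POST['password2'] : '';

        if ($password1 !== $password2) {
            // Passwords don't match. Strict comparison: with != two different
            // numeric-looking strings (e.g. "1e3" and "1000") compare as equal.
            $error_code = 'password_mismatch';
        } elseif (empty($password1)) {
            // Empty password
            $error_code = 'password_empty';
        }
    }

    if ('' !== $error_code) {
        // add_query_arg() does not encode values, so encode them here.
        // NOTE(review): the reset key is sent back in the URL, where it can end
        // up in browser history, server logs and Referer headers.
        $redirect_url = add_query_arg(
            array(
                'key' => rawurlencode($reset_key),
                'login' => rawurlencode($reset_login),
                'error' => $error_code,
            ),
            pp_password_reset_url()
        );
        wp_redirect($redirect_url);
        exit;
    }

    // All checks passed: store the new password.
    reset_password($user, $password1);
    wp_redirect(pp_password_reset_url() . '?password=changed');
    exit;
}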
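/**
 * Reset Password hooks.
 *
 * Handles the front-end password reset page:
 *  1. A link carrying ?key=…&login=… is converted into an HttpOnly cookie
 *     scoped to the current path, followed by a redirect to the same URL
 *     without those arguments, so the key does not stay in the address bar.
 *  2. The cookie is split into login and key and verified with
 *     check_password_reset_key(); on failure the cookie is expired and the
 *     user is redirected to the lost-password screen with an error code.
 *  3. A posted password is checked, the validate_password_reset action is
 *     fired, and the password is stored when no error was recorded.
 *  4. The strength-meter scripts are enqueued and messages plus the form are
 *     rendered through $this->render_messages() / $this->reset_pass_form().
 *
 * @return void
 */
function action_reset_pass()
{
    list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
    $rp_cookie = 'wp-resetpass-' . COOKIEHASH;

    if (isset($_GET['key'])) {
        // Request values are untrusted: a missing or array-valued login/key
        // becomes '', which fails validation on the follow-up request.
        $get_login = isset($_GET['login']) && is_string($_GET['login']) ? $_GET['login'] : '';
        $get_key = is_string($_GET['key']) ? $_GET['key'] : '';

        $value = sprintf('%s:%s', wp_unslash($get_login), wp_unslash($get_key));
        setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
        wp_safe_redirect(remove_query_arg(array('key', 'login')));
        exit;
    }

    $user = false;
    if (isset($_COOKIE[$rp_cookie])
        && is_string($_COOKIE[$rp_cookie])
        && 0 < strpos($_COOKIE[$rp_cookie], ':')
    ) {
        list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
        $user = check_password_reset_key($rp_key, $rp_login);
    }

    if (!$user || is_wp_error($user)) {
        // Invalid or expired: drop the cookie and send the user back.
        setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
        if ($user && $user->get_error_code() === 'expired_key') {
            wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
        } else {
            wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
        }
        exit;
    }

    $errors = new WP_Error();

    $pass1 = isset($_POST['pass1']) && is_string($_POST['pass1']) ? $_POST['pass1'] : '';
    $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';

    // Strict comparison: with != two different numeric-looking strings
    // (e.g. "1e3" and "1000") compare as equal.
    if (isset($_POST['pass1']) && $pass1 !== $pass2) {
        $errors->add('password_reset_mismatch', __('The passwords do not match.', 'colabsthemes'));
    }

    /**
     * Fires before the password reset procedure is validated.
     *
     * @since 3.5.0
     *
     * @param object           $errors WP Error object.
     * @param WP_User|WP_Error $user   WP_User object if the login and reset key match. WP_Error object otherwise.
     */
    do_action('validate_password_reset', $errors, $user);

    if (!$errors->get_error_code() && !empty($pass1)) {
        reset_password($user, $pass1);
        // The key is spent; remove the cookie that carried it.
        setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
        $message = __('Your password has been reset.', 'colabsthemes') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in', 'colabsthemes') . '</a>';
    }

    wp_enqueue_script('password-strength-meter');
    wp_enqueue_script('zxcvbn-async');
    wp_enqueue_script('custom-strengthmeter', trailingslashit(get_template_directory_uri()) . 'includes/js/custom-strengthmeter.js');

    if (!empty($message)) {
        $this->render_messages($message);
    }

    // WP_Error is not Countable, so the former sizeof($errors) check raises a
    // warning on PHP 7.2+ and a TypeError on PHP 8; the error code alone says
    // whether anything was recorded.
    if ($errors->get_error_code()) {
        $this->render_messages($errors);
    }

    $this->reset_pass_form($rp_key);
}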