}
if (strlen($_POST['pass1']) < 6) {
$errors->add('password_reset_mismatch2', '密码至少6位。');
}
/**
* Fires before the password reset procedure is validated.
*
* @since 3.5.0
*
* @param object $errors WP Error object.
* @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
*/
do_action('validate_password_reset', $errors, $user);
if (!$errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
reset_password($user, $_POST['pass1']);
wp_redirect(mo_get_user_rp() . '?action=success');
exit;
}
// wp_enqueue_script('utils');
// wp_enqueue_script('user-profile');
$classactive2 = ' class="active"';
break;
case 'success':
$classactive3 = ' class="active"';
break;
}
?>
<section class="container">
<div class="content-wrap">
<div class="content resetpass">
<h1 class="hide"><?php
www: '<?php
echo home_url();
?>
',
uri: '<?php
echo get_stylesheet_directory_uri();
?>
',
ver: '<?php
echo THEME_VERSION;
?>
',
roll: <?php
echo $roll;
?>
,
ajaxpager: '<?php
echo _wedn_option("ajaxpager");
?>
',
url_rp: '<?php
echo mo_get_user_rp();
?>
'
};
</script>
<?php
wp_footer();
?>
</body>
</html>
function retrieve_password()
{
global $wpdb, $wp_hasher;
$errors = new WP_Error();
if (empty($_POST['user_login'])) {
$errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
} else {
if (strpos($_POST['user_login'], '@')) {
$user_data = get_user_by('email', trim($_POST['user_login']));
if (empty($user_data)) {
$errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
}
} else {
$login = trim($_POST['user_login']);
$user_data = get_user_by('login', $login);
}
}
/**
* Fires before errors are returned from a password reset request.
*
* @since 2.1.0
*/
do_action('lostpassword_post');
if ($errors->get_error_code()) {
return $errors;
}
if (!$user_data) {
$errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
return $errors;
}
// redefining user_login ensures we return the right case in the email
$user_login = $user_data->user_login;
$user_email = $user_data->user_email;
/**
* Fires before a new password is retrieved.
*
* @since 1.5.0
* @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead.
*
* @param string $user_login The user login name.
*/
do_action('retreive_password', $user_login);
/**
* Fires before a new password is retrieved.
*
* @since 1.5.1
*
* @param string $user_login The user login name.
*/
do_action('retrieve_password', $user_login);
/**
* Filter whether to allow a password to be reset.
*
* @since 2.7.0
*
* @param bool true Whether to allow the password to be reset. Default true.
* @param int $user_data->ID The ID of the user attempting to reset a password.
*/
$allow = apply_filters('allow_password_reset', true, $user_data->ID);
if (!$allow) {
return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
} else {
if (is_wp_error($allow)) {
return $allow;
}
}
// Generate something random for a password reset key.
$key = wp_generate_password(20, false);
/**
* Fires when a password reset key is generated.
*
* @since 2.5.0
*
* @param string $user_login The username for the user.
* @param string $key The generated password reset key.
*/
do_action('retrieve_password_key', $user_login, $key);
// Now insert the key, hashed, into the DB.
if (empty($wp_hasher)) {
require_once ABSPATH . 'wp-includes/class-phpass.php';
$wp_hasher = new PasswordHash(8, true);
}
$hashed = $wp_hasher->HashPassword($key);
$wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user_login));
$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
$message .= network_home_url('/') . "\r\n\r\n";
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
$message .= network_site_url(mo_get_user_rp() . "?action=resetpass&key={$key}&login="******"<br />\n" . __('Possible reason: your host may have disabled the mail() function.'));
}
return true;
}