/**
  * Return password reset handler form or redirect to password reset page when key is invalid.
  *
  * @param int $id
  *
  * @return null|string
  */
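 public function get_password_reset_handler_structure($id)
 {
     // WordPress adds slashes to request data, and either parameter may be absent or sent
     // as an array, so reduce both to plain unslashed strings before they are checked or echoed.
     $key = (isset($_REQUEST['key']) && is_string($_REQUEST['key'])) ? wp_unslash($_REQUEST['key']) : '';
     $login = (isset($_REQUEST['login']) && is_string($_REQUEST['login'])) ? wp_unslash($_REQUEST['login']) : '';

     // Verify key / login combo. Missing values were normalised to '' above and are
     // rejected by check_password_reset_key() like any other invalid key.
     $user = check_password_reset_key($key, $login);
     if (!$user || is_wp_error($user)) {
         // Only a WP_Error carries an error code; any other falsy result counts as an invalid key.
         $error = ($user && $user->get_error_code() === 'expired_key') ? 'expiredkey' : 'invalidkey';
         // add_query_arg() keeps the redirect well-formed even if the reset URL already has a query string.
         wp_redirect(add_query_arg('error', $error, pp_password_reset_url()));
         exit;
     }

     // The key and login are carried into the form as hidden fields so the submit handler
     // can re-validate them; esc_attr() keeps request data from breaking out of the attribute.
     $handler_structure = PROFILEPRESS_sql::get_password_reset_handler_structure($id);
     $handler_structure .= '<input type="hidden" name="reset_key" value="' . esc_attr($key) . '">';
     $handler_structure .= '<input type="hidden" name="reset_login" value="' . esc_attr($login) . '">';

     return $handler_structure;
 }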
Example #2
 /**
  * Resets the user's password if the password reset form was submitted.
  */
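 public static function do_password_reset()
 {
     // Only act when the password reset form was actually submitted.
     if (!isset($_REQUEST['reset_password'], $_REQUEST['reset_key'], $_REQUEST['reset_login'])) {
         return;
     }

     // Request data is slashed by WordPress and may arrive as arrays; work on plain strings only.
     $reset_key = is_string($_REQUEST['reset_key']) ? wp_unslash($_REQUEST['reset_key']) : '';
     $reset_login = is_string($_REQUEST['reset_login']) ? wp_unslash($_REQUEST['reset_login']) : '';

     // Re-validate the key on submit: the hidden form fields are attacker-controllable.
     $user = check_password_reset_key($reset_key, $reset_login);
     if (!$user || is_wp_error($user)) {
         $reason = ($user && $user->get_error_code() === 'expired_key') ? 'expiredkey' : 'invalidkey';
         wp_redirect(add_query_arg('login', $reason, pp_password_reset_url()));
         exit;
     }

     // add_query_arg() does not URL-encode values, so encode them here; otherwise a login
     // containing '&', '#' or spaces would corrupt the redirect or inject extra parameters.
     // NOTE(review): the reset key travels in the query string of these redirects, where it can
     // end up in server logs, browser history and Referer headers. Consider keeping it in a
     // short-lived cookie or server-side state instead.
     $retry_args = array(
         'key'   => rawurlencode($reset_key),
         'login' => rawurlencode($reset_login),
     );

     $has_passwords = isset($_POST['password1'], $_POST['password2'])
         && is_string($_POST['password1'])
         && is_string($_POST['password2']);

     if (!$has_passwords) {
         // Fields missing or not plain strings (e.g. submitted as arrays).
         $error = 'invalid';
     } elseif ($_POST['password1'] !== $_POST['password2']) {
         // Strict comparison: with != two different numeric strings such as "1e3" and "1000"
         // compare equal, so a mistyped confirmation could be accepted.
         $error = 'password_mismatch';
     } elseif (empty($_POST['password1'])) {
         // Empty password
         $error = 'password_empty';
     } else {
         $error = '';
     }

     if ($error !== '') {
         wp_redirect(add_query_arg($retry_args + array('error' => $error), pp_password_reset_url()));
         exit;
     }

     // Key is valid and both password fields agree: set the new password.
     reset_password($user, $_POST['password1']);
     wp_redirect(add_query_arg('password', 'changed', pp_password_reset_url()));
     exit;
 }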
Example #3
/**
 * Get front-end do password reset form url.
 *
 * @param string $user_login
 * @param string $key
 *
 * @return string
 */
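function pp_get_do_password_reset_url($user_login, $key)
{
    // NOTE(review): the published listing is garbled in the middle of this function, and the
    // URL built when the 'pp_front_end_do_password_reset' filter returns false cannot be
    // recovered from it. Until that branch is restored from the original source, an empty
    // string is returned in that case rather than an undefined variable.
    $url = '';

    if (apply_filters('pp_front_end_do_password_reset', true)) {
        // Encode both values: add_query_arg() does not URL-encode, and a login containing
        // '&', '#' or spaces would otherwise corrupt the link or inject extra parameters.
        // NOTE(review): the link carries the reset key in its query string, so it should
        // only be sent to the account owner and should not be written to logs.
        $url = add_query_arg(
            array(
                'key'   => rawurlencode($key),
                'login' => rawurlencode($user_login),
            ),
            pp_password_reset_url()
        );
    }

    return $url;
}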