function wppb_check_password_value($message, $field, $request_data, $form_location) { if ($form_location == 'register') { if (isset($request_data['passw1']) && trim($request_data['passw1']) == '' && $field['required'] == 'Yes') { return wppb_required_field_error($field["field-title"]); } elseif (!isset($request_data['passw1']) && $field['required'] == 'Yes') { return wppb_required_field_error($field["field-title"]); } } if (trim($request_data['passw1']) != '') { $wppb_generalSettings = get_option('wppb_general_settings'); if (wppb_check_password_length($request_data['passw1'])) { return '<br/>' . sprintf(__("The password must have the minimum length of %s characters", "profile-builder"), $wppb_generalSettings['minimum_password_length']); } if (wppb_check_password_strength()) { return '<br/>' . sprintf(__("The password must have a minimum strength of %s", "profile-builder"), wppb_check_password_strength()); } } return $message; }
/** * The function for the recover password shortcode * */ function wppb_front_end_password_recovery() { global $wppb_shortcode_on_front; $wppb_shortcode_on_front = true; $message = $messageNo = $message2 = $messageNo2 = $linkLoginName = $linkKey = ''; global $wpdb; ob_start(); //Get general settings $wppb_generalSettings = get_option('wppb_general_settings'); // If the user entered an email/username, process the request if ('POST' == $_SERVER['REQUEST_METHOD'] && !empty($_POST['action']) && $_POST['action'] == 'recover_password' && wp_verify_nonce($_POST['password_recovery_nonce_field'], 'verify_true_password_recovery')) { $postedData = $_POST['username_email']; //we get the raw data //check to see if it's an e-mail (and if this is valid/present in the database) or is a username // if we do not have an email in the posted date we try to get the email for that user if (!is_email($postedData)) { if (username_exists($postedData)) { $query = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_login= %s", $postedData)); if (!empty($query[0])) { $postedData = $query[0]->user_email; } } else { $message = __('The username entered wasn\'t found in the database!', 'profile-builder') . '<br/>' . __('Please check that you entered the correct username.', 'profile-builder'); $message = apply_filters('wppb_recover_password_sent_message4', $message); $messageNo = '4'; } } // we should have an email by this point if (is_email($postedData)) { if (email_exists($postedData)) { $retVal = wppb_check_for_unapproved_user($postedData, 'user_email'); if ($retVal[0] != '') { $message = $retVal[0]; $messageNo = $retVal[1]; } else { $message = sprintf(__('Check your e-mail for the confirmation link.', 'profile-builder'), $postedData); $message = apply_filters('wppb_recover_password_sent_message1', $message, $postedData); $messageNo = '1'; } } elseif (!email_exists($postedData)) { $message = __('The email address entered wasn\'t found in the database!', 'profile-builder') . '<br/>' . __('Please check that you entered the correct email address.', 'profile-builder'); $message = apply_filters('wppb_recover_password_sent_message2', $message); $messageNo = '2'; } } // For some extra validations you can filter messageNo $messageNo = apply_filters('wppb_recover_password_message_no', $messageNo); if ($messageNo == '1') { //verify e-mail validity $query = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_email= %s", $postedData)); if (!empty($query[0])) { $requestedUserID = $query[0]->ID; $requestedUserLogin = $query[0]->user_login; $requestedUserEmail = $query[0]->user_email; $requestedUserNicename = $query[0]->user_nicename; if ($wppb_generalSettings['loginWith'] == 'username') { $display_username_email = $query[0]->user_login; } else { $display_username_email = $query[0]->user_email; } //search if there is already an activation key present, if not create one $key = wppb_retrieve_activation_key($requestedUserLogin); //send primary email message $recoveruserMailMessage1 = sprintf(__('Someone requested that the password be reset for the following account: <b>%1$s</b><br/>If this was a mistake, just ignore this email and nothing will happen.<br/>To reset your password, visit the following link:%2$s', 'profile-builder'), $display_username_email, '<a href="' . esc_url(add_query_arg(array('loginName' => $requestedUserNicename, 'key' => $key), wppb_curpageurl())) . '">' . esc_url(add_query_arg(array('loginName' => $requestedUserNicename, 'key' => $key), wppb_curpageurl())) . '</a>'); $recoveruserMailMessage1 = apply_filters('wppb_recover_password_message_content_sent_to_user1', $recoveruserMailMessage1, $requestedUserID, $requestedUserLogin, $requestedUserEmail); $recoveruserMailMessageTitle1 = sprintf(__('Password Reset from "%1$s"', 'profile-builder'), $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES)); $recoveruserMailMessageTitle1 = apply_filters('wppb_recover_password_message_title_sent_to_user1', $recoveruserMailMessageTitle1, $requestedUserLogin); //we add this filter to enable html encoding add_filter('wp_mail_content_type', create_function('', 'return "text/html"; ')); //send mail to the user notifying him of the reset request if (trim($recoveruserMailMessageTitle1) != '') { $sent = wp_mail($requestedUserEmail, $recoveruserMailMessageTitle1, $recoveruserMailMessage1); if ($sent === false) { $message = '<b>' . __('ERROR', 'profile-builder') . ': </b>' . sprintf(__('There was an error while trying to send the activation link to %1$s!', 'profile-builder'), $postedData); $message = apply_filters('wppb_recover_password_sent_message_error_sending', $message); $messageNo = '5'; } } } } } elseif ('POST' == $_SERVER['REQUEST_METHOD'] && !empty($_POST['action2']) && $_POST['action2'] == 'recover_password2' && wp_verify_nonce($_POST['password_recovery_nonce_field2'], 'verify_true_password_recovery2_' . $_POST['userData'])) { if ($_POST['passw1'] == $_POST['passw2'] && (!empty($_POST['passw1']) && !empty($_POST['passw2']))) { if (!empty($wppb_generalSettings['minimum_password_length']) || isset($_POST['wppb_password_strength']) && !empty($wppb_generalSettings['minimum_password_strength'])) { $message2 = ''; if (wppb_check_password_length($_POST['passw1'])) { $message2 .= '<br/>' . sprintf(__("The password must have the minimum length of %s characters", "profile-builder"), $wppb_generalSettings['minimum_password_length']) . '<br/>'; $messageNo2 = '2'; } if (wppb_check_password_strength()) { $message2 .= '<br/>' . sprintf(__("The password must have a minimum strength of %s", "profile-builder"), wppb_check_password_strength()); $messageNo2 = '2'; } } if ($messageNo2 != 2) { $message2 = __('Your password has been successfully changed!', 'profile-builder'); $messageNo2 = '1'; $userID = $_POST['userData']; $new_pass = $_POST['passw1']; //update the new password and delete the key do_action('wppb_password_reset', $userID, $new_pass); wp_set_password($new_pass, $userID); $user_info = get_userdata($userID); if ($wppb_generalSettings['loginWith'] == 'username') { $display_username_email = $user_info->user_login; } else { $display_username_email = $user_info->user_email; } //send secondary mail to the user containing the username and the new password $recoveruserMailMessage2 = sprintf(__('You have successfully reset your password to: %1$s', 'profile-builder'), $new_pass); $recoveruserMailMessage2 = apply_filters('wppb_recover_password_message_content_sent_to_user2', $recoveruserMailMessage2, $display_username_email, $new_pass, $userID); $recoveruserMailMessageTitle2 = sprintf(__('Password Successfully Reset for %1$s on "%2$s"', 'profile-builder'), $display_username_email, $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES)); $recoveruserMailMessageTitle2 = apply_filters('wppb_recover_password_message_title_sent_to_user2', $recoveruserMailMessageTitle2, $display_username_email); //we add this filter to enable html encoding add_filter('wp_mail_content_type', create_function('', 'return "text/html"; ')); //send mail to the user notifying him of the reset request if (trim($recoveruserMailMessageTitle2) != '') { wp_mail($user_info->user_email, $recoveruserMailMessageTitle2, $recoveruserMailMessage2); } //send email to admin $recoveradminMailMessage = sprintf(__('%1$s has requested a password change via the password reset feature.<br/>His/her new password is:%2$s', 'profile-builder'), $display_username_email, $_POST['passw1']); $recoveradminMailMessage = apply_filters('wppb_recover_password_message_content_sent_to_admin', $recoveradminMailMessage, $display_username_email, $_POST['passw1'], $userID); $recoveradminMailMessageTitle = sprintf(__('Password Successfully Reset for %1$s on "%2$s"', 'profile-builder'), $display_username_email, $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES)); $recoveradminMailMessageTitle = apply_filters('wppb_recover_password_message_title_sent_to_admin', $recoveradminMailMessageTitle, $display_username_email); //we disable the feature to send the admin a notification mail but can be still used using filters $recoveradminMailMessageTitle = ''; $recoveradminMailMessageTitle = apply_filters('wppb_recover_password_message_title_sent_to_admin', $recoveradminMailMessageTitle, $display_username_email); //we add this filter to enable html encoding add_filter('wp_mail_content_type', create_function('', 'return "text/html"; ')); //send mail to the admin notifying him of of a user with a password reset request if (trim($recoveradminMailMessageTitle) != '') { wp_mail(get_option('admin_email'), $recoveradminMailMessageTitle, $recoveradminMailMessage); } } } else { $message2 = __('The entered passwords don\'t match!', 'profile-builder'); $messageNo2 = '2'; } } ?> <div class="wppb_holder" id="wppb-recover-password"> <?php // use this action hook to add extra content before the password recovery form do_action('wppb_before_recover_password_fields'); //this is the part that handles the actual recovery if (isset($_GET['submitted']) && isset($_GET['loginName']) && isset($_GET['key'])) { //get the login name and key and verify if they match the ones in the database $key = $_GET['key']; $login_nicename = $_GET['loginName']; $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_activation_key = %s AND user_nicename = %s", $key, $login_nicename)); if (!empty($user)) { //check if the "finalAction" variable is not in the address bar, if it is, don't display the form anymore if (isset($_GET['finalAction']) && $_GET['finalAction'] == 'yes') { if ($messageNo2 == '2') { echo apply_filters('wppb_recover_password_password_changed_message2', '<p class="wppb-error">' . $message2 . '</p>', $message2); wppb_create_recover_password_form($user, $_POST); } elseif ($messageNo2 == '1') { echo apply_filters('wppb_recover_password_password_changed_message1', '<p class="wppb-success">' . $message2 . '</p>', $message2); } } else { wppb_create_recover_password_form($user, $_POST); } } else { if ($messageNo2 == '1') { if (PROFILE_BUILDER == 'Profile Builder Pro') { $wppb_module_settings = get_option('wppb_module_settings'); if (isset($wppb_module_settings['wppb_customRedirect']) && $wppb_module_settings['wppb_customRedirect'] == 'show' && function_exists('wppb_custom_redirect_url')) { $redirect_url = wppb_custom_redirect_url('after_success_password_reset', '', $_GET['loginName']); $redirect_url = apply_filters('wppb_after_success_password_reset_redirect_url', $redirect_url); if (isset($redirect_url) && !empty($redirect_url)) { $redirect_after_seconds = 3; echo apply_filters('wppb_after_success_password_reset_redirect_after_seconds', '<meta http-equiv="refresh" content="' . $redirect_after_seconds . '; url=' . $redirect_url . '">', $redirect_after_seconds); $before_redirect_message = 'You will soon be redirected automatically. If you see this page for more than ' . $redirect_after_seconds . ' seconds, please click <a href="' . $redirect_url . '">here</a>.'; $before_redirect_message = apply_filters('wppb_after_success_password_reset_before_redirect_message', $before_redirect_message); } } } echo apply_filters('wppb_recover_password_password_changed_message1', '<p class="wppb-success">' . $message2 . '</p>', $message2); if (isset($before_redirect_message) && !empty($before_redirect_message)) { echo '<p>' . $before_redirect_message . '</p>'; } } elseif ($messageNo2 == '2') { echo apply_filters('wppb_recover_password_password_changed_message2', '<p class="wppb-error">' . $message2 . '</p>', $message2); } else { echo apply_filters('wppb_recover_password_invalid_key_message', '<p class="wppb-warning"><b>' . __('ERROR:', 'profile-builder') . '</b>' . __('Invalid key!', 'profile-builder') . '</p>'); } } } else { //display error message and the form if ($messageNo == '' || $messageNo == '2' || $messageNo == '4') { if (!empty($message)) { echo apply_filters('wppb_recover_password_displayed_message1', '<p class="wppb-warning">' . $message . '</p>'); } wppb_create_generate_password_form($_POST); } elseif ($messageNo == '5' || $messageNo == '6') { echo apply_filters('wppb_recover_password_displayed_message1', '<p class="wppb-warning">' . $message . '</p>'); } else { echo apply_filters('wppb_recover_password_displayed_message2', '<p class="wppb-success">' . $message . '</p>'); } //display success message } // use this action hook to add extra content after the password recovery form. do_action('wppb_after_recover_password_fields'); ?> </div> <?php $output = ob_get_contents(); ob_end_clean(); return $output; }