Example #1
 /**
  * Handle the password retrieval procedure.
  *
  * The user has entered his or her user name or email address in order to
  * receive a new password. Check whether that is possible and, if so,
  * send him or her a code for resetting the password.
  *
  * @return \WP_Error always a WP_Error: an error or warning if the code could
  *                   not be sent to the user, otherwise the 'email_sent' notice
  */
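 public static function handle_code_retrieval()
 {
     // Prevent Cross-Site-Request-Forgery: refuse the request unless the form nonce verifies.
     if (!Handlers::is_nonce_ok('code_retrieval_form')) {
         return new \WP_Error('nonce', __('There seems to be a security issue. Please do not continue, but inform us!', 'YALW'), 'error');
     }

     // The submitted login is untrusted input. The field may be missing or sent as an
     // array (YALW_user_login[]=...), which trim() cannot handle; both cases fall back
     // to an empty login so the lookup below rejects them like any unknown user.
     $submitted_login = '';
     if (isset($_POST['YALW_user_login']) && is_string($_POST['YALW_user_login'])) {
         // WordPress adds slashes to $_POST; remove them so a login or email address
         // containing a quote or backslash is looked up exactly as it was typed.
         $submitted_login = trim(wp_unslash($_POST['YALW_user_login']));
     }
     Session::set_user_login($submitted_login);

     // NOTE(review): the WP_Error from the lookup is returned unchanged. If it is shown
     // to the visitor and differs from the 'email_sent' notice, the form reveals which
     // logins exist -- confirm whether a uniform response is wanted here.
     $user_data = Handlers::get_user_data_by(Session::get_user_login());
     if (is_wp_error($user_data)) {
         return $user_data;
     }

     do_action('retrieve_password', $user_data->user_login);

     /*
      * Check if the user may reset his or her password.
      * The filter may return false (reset denied), a WP_Error (denied with a reason)
      * or a truthy value (allowed). A WP_Error object is truthy, so the plain denial
      * is tested first and the WP_Error case second.
      */
     $allowed = apply_filters('allow_password_reset', true, $user_data->ID);
     if (!$allowed) {
         return new \WP_Error('no_password_reset', __('Password reset is not allowed for this user', 'YALW'), 'warn');
     }
     if (is_wp_error($allowed)) {
         return $allowed;
     }

     $send_status = Handlers::send_reset_code($user_data);
     if (is_wp_error($send_status)) {
         return $send_status;
     }

     // Only the user_login and the ID are kept for the next step, not the whole WP_User.
     Session::set_user_login($user_data->user_login);
     Session::set_user_id($user_data->ID);
     Session::set_next_widget_task('check_code');

     // Success is also reported as a WP_Error, with code 'email_sent' and data 'info'.
     return new \WP_Error('email_sent', __('You should have received an email with a reset code. Please check your inbox.', 'YALW'), 'info');
 }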