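/**
 * Password reset: render the reset form and, on submission, process it.
 *
 * A request carrying ?token=... shows the form. A POST carrying reset_token
 * is treated as a submission: it is nonce-checked and validated, and only
 * then handed to Moove_User::moove_update_password().
 *
 * Security notes:
 * - The token is only normalised here with sanitize_key(). Whether it is
 *   valid, unexpired and single-use must be enforced inside
 *   moove_update_password(), which is not visible here. TODO confirm.
 * - The token arrives in the query string, so it can end up in access logs,
 *   browser history and Referer headers; it should be short-lived.
 *
 * @param array $atts User attributes (not read by this function).
 * @return string|void Error markup for the early exits; otherwise the view is
 *                     echoed and nothing is returned.
 */
function moove_reset_password($atts) {
    if (is_user_logged_in()) {
        return '<p>' . __('Cannot reset password for a logged in user.', 'moove') . '</p>';
    }

    $validation_messages = get_option('moove_protection-validation');

    // Look up a configured validation message without raising a warning when
    // the option is missing or lacks the key.
    $message = function ($key) use ($validation_messages) {
        return (is_array($validation_messages) && isset($validation_messages[$key]))
            ? $validation_messages[$key]
            : '';
    };

    $errors = array();

    // A submission is detected from the raw request. Testing isset() on the
    // sanitised value is always true, because sanitize_key() returns a string
    // even for missing input, so every request would look like a submission.
    $is_submission = isset($_POST['reset_token']);

    $token = $is_submission
        ? sanitize_key(wp_unslash($_POST['reset_token']))
        : (isset($_GET['token']) ? sanitize_key(wp_unslash($_GET['token'])) : '');

    // Never show the form or attempt an update without a token.
    if ($token === '') {
        return '<p>' . __('No token has been specified.', 'moove') . '</p>';
    }

    $password = '';

    if ($is_submission) {
        $nonce = isset($_POST['moove_reset']) ? sanitize_key(wp_unslash($_POST['moove_reset'])) : '';
        if (!wp_verify_nonce($nonce, 'moove_reset_action')) {
            $errors['error'] = true;
            $errors['nonce'] = 'Remote check failed';
        }

        // NOTE(review): sanitize_text_field() rewrites the password (it strips
        // tags and collapses whitespace), so the stored password can differ
        // from what the user typed. It is kept because the login path must
        // apply the same transformation. Confirm that before switching to the
        // raw wp_unslash() value.
        $password = isset($_POST['password']) ? sanitize_text_field(wp_unslash($_POST['password'])) : '';
        $password2 = isset($_POST['password2']) ? sanitize_text_field(wp_unslash($_POST['password2'])) : '';

        if (trim($password) === '') {
            $errors['error'] = true;
            $errors['password'] = $message('Reset_password_required');
        } elseif (mb_strlen($password) < 8) {
            // elseif so that the "required" message is not overwritten by the
            // length message when the field is empty.
            $errors['error'] = true;
            $errors['password'] = $message('Reset_password_min-length');
        }

        if ($password !== $password2) {
            $errors['error'] = true;
            $errors['password2'] = $message('Reset_password_equal-to');
        }
    }

    $completed = false;
    if ($is_submission && !isset($errors['error'])) {
        $user = new Moove_User();
        $result = $user->moove_update_password($token, $password);
        if ($result === false) {
            // Generic message: do not reveal why the token was rejected.
            $errors['error'] = true;
            $errors['fail'] = __('An error occurred. Please try again', 'moove');
        } else {
            $completed = true;
        }
    }

    // NOTE(review): the views are echoed rather than returned. If this function
    // is registered as a shortcode callback the output will appear before the
    // surrounding content. Confirm how it is invoked.
    if ($completed) {
        echo Moove_View::load('moove.reset-completed', false);
    } else {
        echo Moove_View::load('moove.reset', array('token' => esc_attr($token), 'errors' => $errors));
    }
}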