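/**
 * Applies the new password submitted through the reset form.
 *
 * Reads the new password from $_POST['input_3'] and the target account from
 * the global $gf_reset_user (presumably populated by the form's validation
 * step; that code is not shown here). When both are usable, the password is
 * changed, the wp-resetpass cookie is expired and the session is logged out.
 *
 * @param mixed $form Form data passed in by the hook; not used here.
 * @return void
 */
function wp_doin_pre_submission_4($form)
{
    // Account selected by the earlier validation step.
    global $gf_reset_user;

    // Cron requests must never change a password.
    if (defined('DOING_CRON') || isset($_GET['doing_wp_cron'])) {
        return;
    }

    // Fail closed unless the global really holds an existing account. The
    // previous check passed the numeric ID to username_exists(), which expects
    // a login name, and reset the password when that lookup FAILED, so it
    // never confirmed the account at all.
    if (!($gf_reset_user instanceof WP_User) || !get_userdata($gf_reset_user->ID)) {
        return;
    }

    // Only a non-empty string is accepted as the new password.
    $pass = isset($_POST['input_3']) ? $_POST['input_3'] : '';
    if (!is_string($pass) || empty($pass)) {
        return;
    }

    list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
    $rp_cookie = 'wp-resetpass-' . COOKIEHASH;

    reset_password($gf_reset_user, $pass);

    // Expire the reset cookie so the key it carries cannot be replayed, then
    // end the current session.
    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
    wp_logout();
}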
// Excerpt from an admin dispatcher: the enclosing switch starts before this
// excerpt and continues after it.
block_user_admin($subuser, $status);
}
break;
case 8:
    // Admin-only action: anything without the session's admin flag is dropped.
    if (!$_SESSION['admin']) {
        break;
    }
    /* Reset User Password */
    $reset = make_safe($_POST['reset']);
    $subuser = make_safe($_POST["subuser"]);
    if (!$reset || !$subuser) {
        // Nothing submitted yet: show the form.
        print_reset_form_admin();
    } else {
        $s2 = make_safe($_POST['password2']);
        $s3 = make_safe($_POST['password3']);
        // NOTE(review): $s1 is not assigned anywhere in this excerpt, so it
        // reaches reset_password() undefined unless it is set earlier in the
        // file. Confirm what that argument is meant to carry.
        // NOTE(review): no anti-CSRF token check is visible on this
        // state-changing admin action. Confirm one exists upstream.
        reset_password($subuser, $s1, $s2, $s3, 1);
        print '<hr><a href="?method=0">Back</a>';
    }
    break;
case 9:
    // Admin-only action, same gate as case 8.
    if (!$_SESSION['admin']) {
        break;
    }
    /* Add new Team */
    $addteam = make_safe($_POST['addteam']);
    if (!$addteam) {
        print_add_new_team_form();
    } else {
        $team = make_safe($_POST['team']);
        $location = make_safe($_POST['location']);
        // NOTE(review): the statement is assembled by string concatenation,
        // so its safety rests entirely on make_safe(), whose implementation is
        // not shown here. A parameterized query removes that dependency.
        $query = "insert into teams values ('" . $team . "','" . $location . "')";
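/**
 * Resets the user's password if the password reset form was submitted.
 *
 * Acts only when reset_password, reset_key and reset_login are all present in
 * the request; otherwise it returns without doing anything. Once triggered,
 * every path ends in a redirect followed by exit:
 *  - invalid or expired key -> reset page with ?login=invalidkey|expiredkey
 *  - missing/non-string, mismatching or empty passwords -> reset page with an
 *    `error` argument (invalid, password_mismatch, password_empty)
 *  - success -> reset page with ?password=changed
 */
public static function do_password_reset()
{
    if (!isset($_REQUEST['reset_password'], $_REQUEST['reset_key'], $_REQUEST['reset_login'])) {
        return;
    }

    $reset_key = $_REQUEST['reset_key'];
    $reset_login = $_REQUEST['reset_login'];

    // The key/login pair is the only proof of identity on this path.
    $user = check_password_reset_key($reset_key, $reset_login);
    if (is_wp_error($user)) {
        $reason = $user->get_error_code() === 'expired_key' ? 'expiredkey' : 'invalidkey';
        wp_redirect(pp_password_reset_url() . '?login=' . $reason);
        exit;
    }

    $password = isset($_POST['password1']) ? $_POST['password1'] : null;
    $confirmation = isset($_POST['password2']) ? $_POST['password2'] : null;

    if (!is_string($password) || !is_string($confirmation)) {
        // Missing fields, or array-valued fields such as password1[]=x.
        $error = 'invalid';
    } elseif ($password !== $confirmation) {
        // Strict comparison: with != two different numeric-looking strings
        // (for example "1e3" and "1000") compare as equal.
        $error = 'password_mismatch';
    } elseif (empty($password)) {
        $error = 'password_empty';
    } else {
        $error = null;
    }

    if (null !== $error) {
        $redirect_url = add_query_arg(
            array('key' => $reset_key, 'login' => $reset_login, 'error' => $error),
            pp_password_reset_url()
        );
        wp_redirect($redirect_url);
        exit;
    }

    // Everything is cool now.
    reset_password($user, $password);
    wp_redirect(pp_password_reset_url() . '?password=changed');
    exit;
}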
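/**
 * REST handler that resets a password after the phone verification code checks out.
 *
 * Reads `phone`, `code` and `password` from the request. The account is looked
 * up by login name equal to the phone number.
 *
 * @param WP_REST_Request $request Incoming request.
 * @return array|WP_Error array('ok' => 1) on success, a WP_Error otherwise.
 */
public function processResetPassword(WP_REST_Request $request)
{
    $params = $request->get_params();
    $phone = isset($params['phone']) ? $params['phone'] : '';
    $code = isset($params['code']) ? $params['code'] : '';
    $password = isset($params['password']) ? $params['password'] : '';

    // Reject an unusable password before touching the verification code, so a
    // malformed request can never end in an empty or array-valued password.
    if (!is_string($password) || '' === $password) {
        // Message: "The password must not be empty."
        return new WP_Error('invalid_password', '密码不能为空。', array('status' => 400));
    }

    $result = $this->verify($phone, $code);
    if (is_wp_error($result)) {
        return $result;
    }
    if (!$result) {
        return new WP_Error('verify_failed', '验证码验证失败。', array('status' => 403));
    }

    // get_user_by() signals "no such user" with false, not with a WP_Error, so
    // testing only is_wp_error() let false flow into reset_password().
    $user = get_user_by('login', $phone);
    if (is_wp_error($user)) {
        return $user;
    }
    if (!$user) {
        // Message: "The user does not exist."
        return new WP_Error('user_not_found', '用户不存在。', array('status' => 404));
    }

    // Kept for compatibility in case reset_password() is overridden to return
    // an error; presumably the stock function returns nothing, so confirm.
    $result = reset_password($user, $password);
    if (is_wp_error($result)) {
        return $result;
    }

    return array('ok' => 1);
}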
// Tail of a function that starts before this excerpt: it queues the success
// message plus a login link and reports success to the caller.
$page['infos'][] = l10n('Your password has been reset');
$page['infos'][] = '<a href="' . get_root_url() . 'identification.php">' . l10n('Login') . '</a>';
return true;
}
// +-----------------------------------------------------------------------+
// | Process form                                                          |
// +-----------------------------------------------------------------------+
if (isset($_POST['submit'])) {
    // Runs before either handler. Presumably the anti-CSRF token check;
    // confirm against its definition.
    check_pwg_token();
    // NOTE(review): $_GET['action'] is read without isset(), so a POST without
    // it raises a notice; neither handler runs in that case.
    if ('lost' == $_GET['action']) {
        if (process_password_request()) {
            $page['action'] = 'none';
        }
    }
    if ('reset' == $_GET['action']) {
        // Called without arguments here; it must take its input from the
        // request itself.
        if (reset_password()) {
            $page['action'] = 'none';
        }
    }
}
// +-----------------------------------------------------------------------+
// | key and action                                                        |
// +-----------------------------------------------------------------------+
// a connected user can't reset the password from a mail
if (isset($_GET['key']) and !is_a_guest()) {
    unset($_GET['key']);
}
// First visit from the mailed link: a key is present and no form was posted.
if (isset($_GET['key']) and !isset($_POST['submit'])) {
    $user_id = check_password_reset_key($_GET['key']);
    // A numeric result is treated as a valid user id.
    if (is_numeric($user_id)) {
        $userdata = getuserdata($user_id, false);
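/**
 * Returns HTML partial that contains password-reset form.
 * Based on WordPress core code from wp-login.php
 *
 * Reads the reset key and login from $_GET and validates them with
 * check_password_reset_key(). With a valid key it either applies the new
 * password from $_POST['pass1'] and returns a confirmation message, or renders
 * the form together with any validation errors. With an invalid key it returns
 * an error message and a link to request a new key.
 *
 * @since 1.0.0
 *
 * @return string
 */
private function reset_form()
{
    ob_start();

    lib2()->array->equip_get('login', 'key');
    $rp_login = wp_unslash($_GET['login']);
    $rp_key = wp_unslash($_GET['key']);
    $err_msg = new WP_Error();

    // Get the user object and validate the key.
    if ($rp_login && $rp_key) {
        $user = check_password_reset_key($rp_key, $rp_login);
    } else {
        $user = false;
    }

    lib2()->array->strip_slashes($_POST, 'pass1', 'pass2');

    // If the user was not found then show an error and a way to start over.
    if (!$user || is_wp_error($user)) {
        if ($user && 'expired_key' == $user->get_error_code()) {
            $err_msg->add('password_expired_key', __('The password-reset key is already expired.', MS_TEXT_DOMAIN));
        } else {
            $err_msg->add('password_invalid_key', __('The password-reset key is invalid or missing.', MS_TEXT_DOMAIN));
        }

        // Close the buffer opened above; returning with it still open leaves
        // the rest of the page writing into a stray buffer.
        ob_end_clean();

        // The WP_Error object itself cannot be formatted with %s, so print its
        // message. The URL is derived from the current request and goes into
        // an href, so it is escaped for HTML output.
        return sprintf(
            '<p>%s</p><p><a href="%s">%s</a></p>',
            esc_html($err_msg->get_error_message()),
            esc_url(remove_query_arg(array('action', 'key', 'login'))),
            __('Request a new password-reset key', MS_TEXT_DOMAIN)
        );
    }

    $pass1 = isset($_POST['pass1']) ? $_POST['pass1'] : null;
    $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : null;

    // If the user provided a new password, then check it now. Strict
    // comparison: with != two different numeric-looking strings can compare
    // as equal.
    if (null !== $pass1 && $pass1 !== $pass2) {
        $err_msg->add('password_reset_mismatch', __('The passwords do not match.', MS_TEXT_DOMAIN));
    }

    // This action is documented in wp-login.php
    do_action('validate_password_reset', $err_msg, $user);

    if (!count($err_msg->errors) && is_string($pass1) && !empty($pass1)) {
        reset_password($user, $pass1);

        // Same buffer clean-up as on the error path.
        ob_end_clean();

        // All done!
        return __('Your Password has been reset.', MS_TEXT_DOMAIN);
    }

    wp_enqueue_script('utils');
    wp_enqueue_script('user-profile');

    if (count($err_msg->errors)) {
        echo '<p class="error">' . implode('<br/>', $err_msg->get_error_messages()) . '</p>';
    }
    ?>
    <form name="resetpassform" id="resetpassform" action="" method="post" autocomplete="off">
        <input type="hidden" id="user_login" value="<?php echo esc_attr($rp_login); ?>" autocomplete="off"/>
        <p>
            <label for="pass1"><?php _e('New password', MS_TEXT_DOMAIN); ?><br/>
            <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off"/></label>
        </p>
        <p>
            <label for="pass2"><?php _e('Confirm new password', MS_TEXT_DOMAIN); ?><br/>
            <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off"/></label>
        </p>
        <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator', MS_TEXT_DOMAIN); ?></div>
        <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ & ).', MS_TEXT_DOMAIN); ?></p>
        <br class="clear"/>
        <?php
        // This action is documented in wp-login.php
        do_action('resetpass_form', $user);
        ?>
        <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>"/></p>
    </form>
    <?php
    $html = ob_get_clean();
    $html = apply_filters('ms_compact_code', $html);

    return $html;
}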
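<?php
// Password-reset entry script: generates a new password for the posted
// address and mails it, then renders the result page.
require_once "bookmark_fns.php";

do_html_header("Resetting password");

// Accept only a string value; a missing or array-valued field becomes '' and
// is left for reset_password() to reject.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

try {
    $password = reset_password($email);
    notify_password($email, $password);
    echo 'Your new password has been emailed to you.<br />';
} catch (Exception $e) {
    // The message may echo back request data, so escape it for HTML.
    // NOTE(review): distinct success and failure responses can show whether
    // an address is registered; consider a uniform response.
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . ' please try again.';
}

do_html_url('login.php', 'Login');
do_html_footer();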
/**
 * Set the password of the current user.
 *
 * @param mixed $new_password New password, handed unchanged to reset_password().
 */
function change_password($new_password)
{
    $account = $this->user;
    reset_password($account, $new_password);
}
$cli->cli_exit(get_string('cli_pwreset_nointernalauth'), true); } set_field('usr', 'authinstance', $internalauth, 'id', $user->id); $user->authinstance = $internalauth; $cli->cli_print(get_string('cli_pwreset_authupdated', 'admin')); } // Determine whether or not to reset the user's password. if ($cli->get_cli_param('forcepasswordchange') === CLI_PWRESET_FORCEPASSWORDCHANGE_DEFAULT) { // The default behavior, is that we force a reset if they provided the password via the --password flag $forcepasswordchange = $cli->get_cli_param('password') !== false; } else { // If they specified a forcepasswordchange param, we respect that $forcepasswordchange = $cli->get_cli_param_boolean('forcepasswordchange'); } // Attempt to reset the password. $success = reset_password($user); if ($success) { $exitstring = get_string('cli_pwreset_success', 'admin', $username); if ($forcepasswordchange) { set_field('usr', 'passwordchange', 1, 'username', $username); $exitstring .= "\n" . get_string('cli_pwreset_success_forcepasswordchange', 'admin'); } $cli->cli_exit($exitstring); } else { // If it failed because their auth instance doesn't allow password resets, // then suggest the -i option. $userobj = new User(); $userobj->find_by_id($user->id); $authobj = AuthFactory::create($user->authinstance); if (!method_exists($authobj, 'change_password')) { $cli->cli_exit(get_string('cli_pwreset_notsupported', 'admin', $username), true);
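/**
 * Resets the user's password if the password reset form was submitted.
 *
 * Acts on POST requests only. The rp_key / rp_login pair is validated with
 * check_password_reset_key() before anything else. Every POST path terminates
 * with exit:
 *  - invalid or expired key -> sas-login?login=invalidkey|expiredkey
 *  - mismatching or empty passwords -> sas-password-reset with an `error` arg
 *  - success -> sas-login?password=changed
 *  - no usable pass1 field -> plain "Invalid request." response
 */
public function sas_do_password_reset()
{
    if ('POST' !== $_SERVER['REQUEST_METHOD']) {
        return;
    }

    // Missing fields become '' and then fail key validation below.
    $rp_key = isset($_REQUEST['rp_key']) ? $_REQUEST['rp_key'] : '';
    $rp_login = isset($_REQUEST['rp_login']) ? $_REQUEST['rp_login'] : '';

    $user = check_password_reset_key($rp_key, $rp_login);
    if (!$user || is_wp_error($user)) {
        if ($user && $user->get_error_code() === 'expired_key') {
            wp_redirect(home_url('sas-login?login=expiredkey'));
        } else {
            wp_redirect(home_url('sas-login?login=invalidkey'));
        }
        exit;
    }

    $pass1 = isset($_POST['pass1']) ? $_POST['pass1'] : null;
    $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : null;

    // A missing or array-valued pass1 is not a form submission we understand.
    if (!is_string($pass1)) {
        echo "Invalid request.";
        exit;
    }

    $error = null;
    if ($pass1 !== $pass2) {
        // Strict comparison: with != two different numeric-looking strings
        // can compare as equal.
        $error = 'password_reset_mismatch';
    } elseif (empty($pass1)) {
        $error = 'password_reset_empty';
    }

    if (null !== $error) {
        $redirect_url = add_query_arg(
            array('key' => $rp_key, 'login' => $rp_login, 'error' => $error),
            home_url('sas-password-reset')
        );
        wp_redirect($redirect_url);
        exit;
    }

    // Parameter checks OK, reset password
    reset_password($user, $pass1);
    wp_redirect(home_url('sas-login?password=changed'));
    exit;
}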
/**
 * Front-end replacement for the wp-login.php screens.
 *
 * Dispatches on $_GET['action'] (defaulting to 'login'): handles logout,
 * prints the lost-password form, validates a reset key and applies the new
 * password, or prints the login form. Markup is echoed directly; the logout
 * branch and the completed-reset branch end with exit.
 */
function simplr_login_switch() {
    $options = get_option('simplr_reg_options');
    if (!isset($_GET['action'])) {
        $_GET['action'] = 'login';
    }
    // Raw request value: any action that matches no case falls into the
    // default branch below with this value unchanged.
    $action = $_GET['action'];
    global $errors;
    switch ($action) {
        case 'logout':
            // Nonce check first, so a forged link cannot log the user out.
            check_admin_referer('log-out');
            wp_logout();
            $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
            // wp_safe_redirect() is what handles the request-supplied target.
            wp_safe_redirect($redirect_to);
            exit;
            break;
        case 'lostpassword':
        case 'retrievepassword':
            // $redirect_to is not assigned in this branch, hence the @ on it
            // in the template below.
            ?> <form name="lostpasswordform" id="lostpasswordform" action="<?php echo get_permalink($options->login_redirect); ?> ?action=lostpassword" method="post"> <p> <label><?php _e('Username or E-mail:', 'simplr-registration-form'); ?> <br /> <input type="text" name="user_login" id="user_login" class="input" value="" size="20" tabindex="10" /></label> </p> <?php do_action('lostpassword_form'); ?> <input type="hidden" name="redirect_to" value="<?php echo esc_attr(@$redirect_to); ?> " /> <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password', 'simplr-registration-form'); ?> " tabindex="100" /></p> </form> <p id="nav"> <a href="<?php echo site_url('wp-login.php', 'login'); ?> "><?php _e('Log in', 'simplr-registration-form'); ?> </a> <?php if (get_option('users_can_register')) { ?> | <a href="<?php echo site_url('wp-login.php?action=register', 'login'); ?> "><?php _e('Register', 'simplr-registration-form'); ?> </a> <?php } ?> </p> <?php
            login_footer('user_login');
            break;
        case 'resetpass':
        case 'rp':
            // The key/login pair from the mailed link is the only proof of
            // identity here.
            // NOTE(review): both are read without isset(); a request lacking
            // them raises notices before the key check fails.
            $user = check_password_reset_key($_GET['key'], $_GET['login']);
            if (is_wp_error($user)) {
                wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                exit;
            }
            $errors = '';
            // NOTE(review): != is a loose comparison, so two different
            // numeric-looking strings can pass as equal; !== avoids that.
            // pass2 is also read without isset().
            if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.', 'simplr-registration-form'));
            } elseif (isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                reset_password($user, $_POST['pass1']);
                login_header(__('Password Reset', 'simplr-registration-form'), '<p class="message reset-pass">' . __('Your password has been reset.', 'simplr-registration-form') . ' <a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in', 'simplr-registration-form') . '</a></p>');
                login_footer();
                exit;
            }
            wp_enqueue_script('utils');
            wp_enqueue_script('user-profile');
            login_header(__('Reset Password', 'simplr-registration-form'), '<p class="message reset-pass">' . __('Enter your new password below.', 'simplr-registration-form') . '</p>', $errors);
            // NOTE(review): the form action below is damaged in this copy of
            // the file (the '******' run after '&login='); restore it from the
            // upstream source before use. Its output goes into an HTML
            // attribute and should be escaped for that context.
            ?> <form name="resetpassform" id="resetpassform" action="<?php echo get_permalink($options->login_redirect) . '?action=resetpass&key=' . urlencode($_GET['key']) . '&login='******'login']); ?> " method="post"> <input type="hidden" id="user_login" value="<?php echo esc_attr($_GET['login']); ?> " autocomplete="off" /> <p> <label><?php _e('New password', 'simplr-registration-form'); ?> <br /> <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label> </p> <p> <label><?php _e('Confirm new password', 'simplr-registration-form'); ?> <br /> <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label> </p> <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator', 'simplr-registration-form'); ?> </div> <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? 
$ % ^ & ).', 'simplr-registration-form'); ?> </p> <br class="clear" /> <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Reset Password', 'simplr-registration-form'); ?> " tabindex="100" /></p> </form> <p id="nav"> <a href="<?php echo site_url('wp-login.php', 'login'); ?> "><?php _e('Log in', 'simplr-registration-form'); ?> </a> <?php if (get_option('users_can_register')) { ?> | <a href="<?php echo site_url('wp-login.php?action=register', 'login'); ?> "><?php _e('Register', 'simplr-registration-form'); ?> </a> <?php } ?> </p> <?php
            login_footer('user_pass');
            break;
        case 'login':
        default:
            $redirect_to = !isset($redirect_to) ? apply_filters('simplr_login_redirect', home_url(), $action) : $redirect_to;
            if (isset($_POST['log'])) {
                // NOTE(review): the first compared literal is masked in this
                // copy ('******'); restore it from the upstream source.
                $user_login = '******' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ? esc_attr(stripslashes($_POST['log'])) : '';
            }
            $rememberme = !empty($_POST['rememberme']);
            // NOTE(review): the form action below echoes $action without
            // escaping. This is the default branch, so $action can be any
            // request-supplied string; it should go through esc_attr() (or be
            // restricted to the known action names) before being printed
            // into the attribute.
            ?> <form name="loginform" id="loginform" action="<?php echo get_permalink($options->login_redirect); ?> ?action=<?php echo $action; ?> " method="post"> <p> <label><?php _e('Username', 'simplr-registration-form'); ?> <br /> <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr(@$user_login); ?> " size="20" tabindex="10" /></label> </p> <p> <label><?php _e('Password', 'simplr-registration-form'); ?> <br /> <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label> </p> <?php do_action('login_form'); ?> <p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90"<?php checked($rememberme); ?> /> <?php esc_attr_e('Remember Me', 'simplr-registration-form'); ?> </label></p> <p class="submit"> <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In', 'simplr-registration-form'); ?> " tabindex="100" /> <?php
            // $interim_login is never assigned inside this function, so the
            // else branch (hidden redirect_to field) is the one that renders.
            if (isset($interim_login)) { ?> <input type="hidden" name="interim-login" value="1" /> <?php } else { ?> <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?> " /> <?php } ?> <input type="hidden" name="testcookie" value="1" /> </p> </form> <?php if (!isset($interim_login)) { ?> <p id="nav"> <?php if (isset($_GET['checkemail']) && in_array($_GET['checkemail'], array('confirm', 'newpass'))) { ?> <?php } elseif (get_option('users_can_register')) { ?> <a href="<?php echo site_url('wp-login.php?action=register', 'login'); ?> "><?php _e('Register', 'simplr-registration-form'); ?> </a> | <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login'); ?> " title="<?php _e('Password Lost and Found', 'simplr-registration-form'); ?> "><?php _e('Lost your password?', 'simplr-registration-form'); ?> </a> <?php } else { ?> <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login'); ?> " title="<?php _e('Password Lost and Found', 'simplr-registration-form'); ?> "><?php _e('Lost your password?', 'simplr-registration-form'); ?> </a> <?php } ?> </p> <?php } ?> <script type="text/javascript"> function wp_attempt_focus(){ setTimeout( function(){ try{ <?php if (isset($user_login) || isset($interim_login)) { ?> d = document.getElementById('user_pass'); d.value = ''; <?php } else { ?> d = document.getElementById('user_login'); <?php if ('invalid_username' == @$errors->get_error_code()) { ?> if( d.value != '' ) d.value = ''; <?php } } ?> d.focus(); d.select(); } catch(e){} }, 200); } <?php
            // NOTE(review): $error (singular) is not defined in this
            // function; only the global $errors is. As written the condition
            // is always true.
            if (!$error) { ?> wp_attempt_focus(); <?php } ?> if(typeof wpOnload=='function') wpOnload(); </script> <?php
            login_footer();
            break;
    }
    // end action switch
}
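<?php
// Access control and form handling run before any markup is sent:
// session_start() and header() need to go out before the first byte of
// output, and each redirect is followed by exit so the rest of the page is
// never processed or rendered for that request.
session_start();

if (isset($_SESSION['access']) && $_SESSION['access'] == '4') {
    if (isset($_POST['SUBMIT2'])) {
        header('location:/sen/Modules/Links_temp/admin_links.php');
        exit;
    }
    if (isset($_POST['SUBMIT1'])) {
        // Accept only a string id; anything else becomes ''.
        $id = (isset($_POST['login_id']) && is_string($_POST['login_id'])) ? $_POST['login_id'] : '';
        $db_handle = Connect_To_Server();
        $db_found = Connect_To_DB();
        // NOTE(review): no anti-CSRF token is visible in the part of the form
        // shown below; confirm this privileged action is protected.
        reset_password($id);
        Close_To_Server($db_handle);
    }
} else {
    // Not authorised: drop the session and send the visitor to the login
    // page, without rendering the admin form.
    $_SESSION['access'] = 0;
    session_destroy();
    header('location:/sen/Modules/login.php');
    exit("invalid Login");
}
?>
<HTML> <HEAD> <TITLE>Change Password - Registration</TITLE> </HEAD> <BODY> <FORM NAME="form1" METHOD="POST" ACTION="reset_password.php" > Login ID :<Input Type="text" name="login_id"> <br> <INPUT TYPE="SUBMIT" NAME="SUBMIT1" VALUE="Reset Password">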
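/**
 * Front controller: routes the current request by $_GET['action'].
 *
 * With no query string at all it shows the project list. Otherwise it
 * validates the optional `mod` parameter, then dispatches on `action`. Most
 * branches check a role helper (admin(), user(), vip()) and filter their
 * identifiers through myfilter(), which is treated here as returning an array
 * when the value is rejected. Any branch that does not return falls through
 * to the front page.
 *
 * @return mixed Whatever the selected handler returns.
 */
function get_parser()
{
    $conf = configurations();
    if (!$_GET) {
        return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects');
    }
    if (isset($_GET['mod'])) {
        if (is_array(myfilter($_GET['mod'], 'mod'))) {
            trigger_error('potential attack using mod');
            return deconnect();
        } else {
            $mod = $_GET['mod'];
        }
    } else {
        $mod = null;
    }
    // A request without `action` matches no case and ends on the front page.
    $action = isset($_GET['action']) ? $_GET['action'] : null;
    switch ($action) {
        case 'adduser':
            if (admin(true)) {
                if ($_POST['usr_email'] && $_POST['username']) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser', add_user(myfilter($_POST['usr_email'], 'email'), myfilter($_POST['username'], 'user'), myfilter($_POST['lvl'], 'lvl')));
                }
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser');
            }
            break;
        case 'listusers':
            if (admin(true)) {
                $list_users = list_users(array(null));
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listusers', $list_users);
            }
            break;
        case 'deco':
            return deconnect();
            break;
        case 'modpass':
            if ($_POST['oldpass'] && $_POST['password1'] && $_POST['password2']) {
                $pass = array(myfilter($_POST['oldpass'], 'password'), myfilter($_POST['password1'], 'password'), myfilter($_POST['password2'], 'password'));
                if (is_string($pass[0]) && is_string($pass[1]) && is_string($pass[2])) {
                    $change = change_password($_SESSION['db_data']['_id'], $pass);
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', $change);
                }
            }
            return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', null);
            break;
        case 'resetpass':
            // NOTE(review): unlike the other branches, user_id and resetcode
            // reach reset_password() without passing through myfilter();
            // confirm reset_password() validates them itself.
            if (isset($_GET['user_id']) && isset($_GET['resetcode']) && !is_array($_GET['user_id']) && !is_array($_GET['resetcode'])) {
                return reset_password($_GET['user_id'], $_GET['resetcode']);
            } elseif (isset($_GET['user_id']) && !is_array($_GET['user_id']) && admin(true)) {
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', reset_password($_GET['user_id']));
            }
            break;
        case 'edituser':
            if (isset($_GET['user_id'])) {
                if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data($_SESSION['db_data']));
                }
                if (admin(true) && !is_array($_GET['user_id'])) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data(check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id'))))));
                }
            }
            break;
        case 'changemail':
            if (isset($_GET['user_id']) && isset($_GET['code'])) {
                $db = check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id'))));
                // The confirmation code must be a non-empty string that
                // matches exactly. With a loose == an account that has no
                // pending change (mail_change_id is null) matched an empty
                // `code`, which overwrote the stored address with the equally
                // empty new_mail.
                $expected = isset($db['mail_change_id']) ? (string) $db['mail_change_id'] : '';
                $supplied = is_string($_GET['code']) ? $_GET['code'] : '';
                if ($expected !== '' && $supplied !== '') {
                    // Constant-time comparison where the runtime offers it.
                    $matches = function_exists('hash_equals') ? hash_equals($expected, $supplied) : $expected === $supplied;
                    if ($matches) {
                        return change_email_user(array('email' => $db['new_mail'], 'new_mail' => null, 'mail_change_id' => null), myfilter($_GET['user_id'], '_id'), 'postmail');
                    }
                }
            }
            break;
        case 'deluser':
            if (admin(true) && !is_array($_GET['user_id'])) {
                return delete_user(myfilter($_GET['user_id'], '_id'));
            }
            break;
        case 'addproject':
            if (admin(true)) {
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_project', addproject());
            }
            break;
        case 'project':
            if (isset($_GET['project_id'])) {
                if (!is_array(myfilter($_GET['project_id'], '_id'))) {
                    $_SESSION['currentprojet'] = myfilter($_GET['project_id'], '_id');
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', check_projects_mod($mod));
                }
            }
            break;
        case 'getfile':
            if (isset($_GET['file']) && isset($_GET['key']) && isset($_GET['id']) && isset($_GET['os']) && isset($_GET['arch'])) {
                if (!is_array(myfilter($_GET['file'], 'sha1')) && !is_array(myfilter($_GET['key'], 'timestamp')) && !is_array(myfilter($_GET['id'], '_id')) && !is_array($_GET['os']) && !is_array($_GET['arch'])) {
                    // os and arch are decoded but not filtered here; down_file()
                    // has to treat them as untrusted.
                    return down_file(myfilter($_GET['file'], 'sha1'), myfilter($_GET['key'], 'timestamp'), base64_decode(urldecode($_GET['os'])), base64_decode(urldecode($_GET['arch'])), myfilter($_GET['id'], '_id'));
                }
            }
            break;
        case 'addfile':
            if (admin(true) && isset($_GET['id'])) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_file', addfile(myfilter($_GET['id'], '_id')));
                }
            }
            break;
        case 'deletefile':
            if (admin(true) && isset($_GET['id']) && isset($_GET['key'])) {
                if (!is_array(myfilter($_GET['id'], '_id')) && !is_array(myfilter($_GET['key'], 'timestamp'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', delete_file(myfilter($_GET['id'], '_id'), myfilter($_GET['key'], 'timestamp')));
                }
            }
            break;
        case 'usersetting':
            if (isset($_GET['user_id'])) {
                if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'setting', change_user_setting($_SESSION['db_data']['_id']));
                }
            }
            break;
        case 'bug':
            if (isset($_GET['id'])) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', check_bug($mod));
                }
            }
            break;
        case 'submitbug':
            if (isset($_GET['id'])) {
                // Regular users may only file bugs against their own projects.
                if (user(true) && in_array($_GET['id'], $_SESSION['db_data']['projects'])) {
                    $_SESSION['idbug'] = $_GET['id'];
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id']));
                }
                if (admin(true) || vip(true)) {
                    if (!is_array(myfilter($_GET['id'], '_id'))) {
                        $_SESSION['idbug'] = $_GET['id'];
                        return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id']));
                    }
                }
            }
            break;
        case 'listprojects':
            return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects', $mod);
            break;
        case 'editbug':
            if (strlen($_POST['status']) && isset($_GET['id']) && admin(true)) {
                if (!is_array($_POST['status']) && !is_array(myfilter($_GET['id'], '_id'))) {
                    // Only statuses listed in the configuration are accepted.
                    if (in_array($_POST['status'], $conf['bugs']['Open']) || in_array($_POST['status'], $conf['bugs']['Closed'])) {
                        return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', edit_bug($_POST['status']));
                    }
                }
            }
            break;
        case 'resetpassmail':
            if (strlen($_POST['usr_email'])) {
                return echo_front_page(reset_password_mail(myfilter($_POST['usr_email'], 'email')));
            }
            break;
        case 'editproject':
            if (isset($_GET['id']) && admin(true)) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_project', edit_project($_POST));
                }
            }
            break;
    }
    return echo_front_page();
}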
header("Location: " . rawurldecode(K_SITE_URL)); die; } $msg = ""; $msg_class = 'notice'; if ($_POST['k_submit']) { $rs = request_confirmation(); if ($FUNCS->is_error($rs)) { $msg = $rs->err_msg; $msg_class = 'error'; } else { $msg = $FUNCS->t('reset_req_email_confirm'); $showonlymsg = 1; } } elseif (isset($_GET['act'][0]) && $_GET['act'] == 'reset') { $rs = reset_password(); if ($FUNCS->is_error($rs)) { $msg = $rs->err_msg; $msg_class = 'error'; } else { $msg = $FUNCS->t('reset_email_confirm'); } $showonlymsg = 1; } show_form($msg, $msg_class, $showonlymsg); //////////////////////////////////////////////////////////////////////////// function request_confirmation() { global $FUNCS, $DB, $AUTH; $val = $FUNCS->cleanXSS(trim($_POST['k_user_name'])); if ($val && is_string($val)) {
} $errors = new WP_Error(); if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) { $errors->add('password_reset_mismatch', __('The passwords do not match.')); } /** * Fires before the password reset procedure is validated. * * @since 3.5.0 * * @param object $errors WP Error object. * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise. */ do_action('validate_password_reset', $errors, $user); if (!$errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) { reset_password($user, $_POST['pass1']); setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true); login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in') . '</a></p>'); login_footer(); exit; } wp_enqueue_script('utils'); wp_enqueue_script('user-profile'); login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors); ?> <form name="resetpassform" id="resetpassform" action="<?php echo esc_url(network_site_url('wp-login.php?action=resetpass', 'login_post')); ?> " method="post" autocomplete="off"> <input type="hidden" id="user_login" value="<?php echo esc_attr($rp_login);
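/**
 * Processes the request
 *
 * Callback for "template_redirect" hook in template-loader.php
 *
 * Resolves the requested action and instance, fires the tml_request and
 * login_form_{action} hooks, and, unless a tml_request_{action} handler is
 * registered, runs the built-in handling for postpass, logout, lostpassword,
 * resetpass, register and login. Branches that finish their work end in a
 * redirect followed by exit.
 *
 * @since 6.3
 * @access public
 */
public function template_redirect()
{
    $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
    if (!$this->request_action && self::is_tml_page()) {
        $this->request_action = self::get_page_action(get_the_id());
    }
    $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;

    do_action_ref_array('tml_request', array(&$this));

    // allow plugins to override the default actions, and to add extra actions if they want
    do_action('login_form_' . $this->request_action);

    if (has_action('tml_request_' . $this->request_action)) {
        do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
    } else {
        $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
        switch ($this->request_action) {
            case 'postpass':
                if (!array_key_exists('post_password', $_POST)) {
                    wp_safe_redirect(wp_get_referer());
                    exit;
                }
                require_once ABSPATH . 'wp-includes/class-phpass.php';
                $hasher = new PasswordHash(8, true);
                $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
                // $referer was read below without ever being assigned, so the
                // post-password cookie was never marked Secure, even on HTTPS.
                $referer = wp_get_referer();
                if ($referer) {
                    $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                } else {
                    $secure = false;
                }
                setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
                wp_safe_redirect(wp_get_referer());
                exit;
                break;
            case 'logout':
                // Nonce check first, so a forged link cannot log the user out.
                check_admin_referer('log-out');
                $user = wp_get_current_user();
                wp_logout();
                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                } else {
                    $redirect_to = site_url('wp-login.php?loggedout=true');
                    $requested_redirect_to = '';
                }
                $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                wp_safe_redirect($redirect_to);
                exit;
                break;
            case 'lostpassword':
            case 'retrievepassword':
                if ($http_post) {
                    $this->errors = self::retrieve_password();
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                if (isset($_REQUEST['error'])) {
                    if ('invalidkey' == $_REQUEST['error']) {
                        $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                    } elseif ('expiredkey' == $_REQUEST['error']) {
                        $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                    }
                }
                do_action('lost_password');
                break;
            case 'resetpass':
            case 'rp':
                // Dirty hack for now
                global $rp_login, $rp_key;
                list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
                // First hit from the mailed link: move login and key out of
                // the URL into an HttpOnly cookie scoped to this path, then
                // redirect to the same page without them in the query string.
                if (isset($_GET['key'])) {
                    $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
                    setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    wp_safe_redirect(remove_query_arg(array('key', 'login')));
                    exit;
                }
                if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                    list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                    $user = check_password_reset_key($rp_key, $rp_login);
                    // The posted form must carry the same key as the cookie.
                    // A missing or non-string rp_key is rejected outright
                    // instead of being handed to hash_equals().
                    if (isset($_POST['pass1']) && (!isset($_POST['rp_key']) || !is_string($_POST['rp_key']) || !hash_equals($rp_key, $_POST['rp_key']))) {
                        $user = false;
                    }
                } else {
                    $user = false;
                }
                if (!$user || is_wp_error($user)) {
                    // Expire the cookie so a bad key is not retried.
                    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    if ($user && $user->get_error_code() === 'expired_key') {
                        wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                    } else {
                        wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                    }
                    exit;
                }
                if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                    $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                }
                do_action('validate_password_reset', $this->errors, $user);
                if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                    reset_password($user, $_POST['pass1']);
                    // The reset cookie is expired as soon as the password has
                    // been changed.
                    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    $redirect_to = site_url('wp-login.php?resetpass=complete');
                    wp_safe_redirect($redirect_to);
                    exit;
                }
                wp_enqueue_script('utils');
                wp_enqueue_script('user-profile');
                break;
            case 'register':
                if (!get_option('users_can_register')) {
                    $redirect_to = site_url('wp-login.php?registration=disabled');
                    wp_redirect($redirect_to);
                    exit;
                }
                $user_login = '';
                $user_email = '';
                if ($http_post) {
                    if ('email' == $this->get_option('login_type')) {
                        $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                    } else {
                        $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                    }
                    $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                    $this->errors = register_new_user($user_login, $user_email);
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                break;
            case 'login':
            default:
                $secure_cookie = '';
                $interim_login = isset($_REQUEST['interim-login']);
                // If the user wants ssl but the session is not ssl, force a secure cookie.
                if (!empty($_POST['log']) && !force_ssl_admin()) {
                    $user_name = sanitize_user($_POST['log']);
                    if ($user = get_user_by('login', $user_name)) {
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }
                    }
                }
                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $_REQUEST['redirect_to'];
                    // Redirect to https if user wants ssl
                    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                    }
                } else {
                    $redirect_to = admin_url();
                }
                $reauth = empty($_REQUEST['reauth']) ? false : true;
                if ($http_post && isset($_POST['log'])) {
                    $user = wp_signon('', $secure_cookie);
                    $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                    if (!is_wp_error($user) && !$reauth) {
                        if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                            // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                            if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                $redirect_to = user_admin_url();
                            } elseif (is_multisite() && !$user->has_cap('read')) {
                                $redirect_to = get_dashboard_url($user->ID);
                            } elseif (!$user->has_cap('edit_posts')) {
                                $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                            }
                        }
                        // The target can come from the request, so it goes
                        // through wp_safe_redirect() rather than wp_redirect().
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                    $this->errors = $user;
                }
                // Clear errors if loggedout is set.
                if (!empty($_GET['loggedout']) || $reauth) {
                    $this->errors = new WP_Error();
                }
                // Some parts of this script use the main login form to display a message
                if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                    $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                    $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                    $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                    $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                    $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                } elseif ($interim_login) {
                    $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                } elseif (strpos($redirect_to, 'about.php?updated')) {
                    $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                } elseif ($reauth) {
                    $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                }
                // Clear any stale cookies.
                if ($reauth) {
                    wp_clear_auth_cookie();
                }
                break;
        } // end switch
    } // endif has_filter()
}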
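/**
 * Reset the password.
 *
 * Runs the posted reset form through the nonce and honeypot checks, validates
 * the reset key/login pair with check_password_reset_key(), and only then
 * stores the new password.
 *
 * @return void Returns early (no value) after queuing an error notice. On
 *              success it redirects to the login page and exits.
 * @access public
 * @static
 * @since  1.4.0
 */
public static function reset_password() {
    $form = new Charitable_Reset_Password_Form();

    if (!$form->validate_nonce() || !$form->validate_honeypot()) {
        charitable_get_notices()->add_error(__('There was an error with processing your form submission. Please reload the page and try again.', 'charitable'));
        return;
    }

    /* The key and login must be set, and must be plain strings (a request can submit arrays). */
    if (!isset($_POST['key'], $_POST['login']) || !is_string($_POST['key']) || !is_string($_POST['login'])) {
        // NOTE(review): 'charitable' is passed as add_error()'s second argument here instead of
        // to __(); this looks like a missing __() wrapper. Confirm against the add_error() signature.
        charitable_get_notices()->add_error('<strong>ERROR:</strong> Invalid reset key.', 'charitable');
        return;
    }

    $user = check_password_reset_key($_POST['key'], $_POST['login']);

    if (is_wp_error($user)) {
        charitable_get_notices()->add_errors_from_wp_error($user);
        return;
    }

    /*
     * One of the passwords was not set. An empty or non-string value counts as
     * "not set": two blank fields compare equal, so without this check a blank
     * password would be accepted and stored.
     */
    if (
        !isset($_POST['pass1'], $_POST['pass2'])
        || !is_string($_POST['pass1'])
        || !is_string($_POST['pass2'])
        || '' === $_POST['pass1']
    ) {
        // NOTE(review): same misplaced text-domain argument as the reset-key notice above.
        charitable_get_notices()->add_error('<strong>ERROR:</strong> You must enter both passwords.', 'charitable');
        return;
    }

    /* The passwords do not match. Both are strings here, so compare strictly. */
    if ($_POST['pass1'] !== $_POST['pass2']) {
        charitable_get_notices()->add_error(__('<strong>ERROR:</strong> The two passwords you entered don\'t match.', 'charitable'));
        return;
    }

    /* Parameter checks OK, reset password */
    reset_password($user, $_POST['pass1']);

    charitable_get_notices()->add_success(__('Your password was successfully changed.', 'charitable'));
    charitable_get_session()->add_notices();

    wp_safe_redirect(charitable_get_permalink('login_page'));
    exit;
}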
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors[] = 'You must provide a valid email.'; } // Check if email exits in the database. $SQL_QUERY = $db->query("select * from users where email = '{$email}'"); $email = mysqli_fetch_assoc($SQL_QUERY); $emailCount = mysqli_num_rows($SQL_QUERY); // If email is less than 1, then that email does not exist in the database. if ($emailCount < 1) { $errors[] = 'That email doesn\'t exist in the database.'; } // check errors if (!empty($errors)) { echo display_errors($errors); } else { $password = reset_password($username); notify_password($username, $password); $_SESSION['success_flash'] = 'Your new password has been emailed to you. Make sure to check your spam folder in your email. <a href="SignIn.php" id="SignIn-her">SignIn here</a>'; header('Location: ForgotPass.php'); } } ?> <div class="container"> <h3 id="SignUp-header"><div class="header">Forgot Password.</div></h3> <div id="SignUp-form-container"> <form action="ForgotPass.php" method="post">
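/**
 * Build the HTML for the Pie Register login box.
 *
 * Depending on the request this also completes account activation
 * (?action=activate), handles the password-reset submission
 * (?action=rp / ?action=resetpass) and collects the status message shown
 * above the form. The markup is returned, not echoed.
 *
 * @param bool $piereg_widget True when rendering inside the widget; selects which
 *                            "captcha already rendered" flag is checked and set.
 * @return string Markup for the messages plus either the reset form or the login form.
 */
function pieOutputLoginForm($piereg_widget = false) {
    global $wp_session, $errors;

    $users_can_register = get_option("users_can_register");
    $option = get_option("pie_register_2");

    $form_data = '<div class="piereg_container"> <div class="piereg_login_container"> <div class="piereg_login_wrapper">';

    $newpasspageLock = 0;
    $login_error = '';
    $login_success = '';
    $login_warning = '';

    // Request values used below, normalised to strings (a request can submit arrays).
    $rp_key = isset($_GET['key']) && is_string($_GET['key']) ? $_GET['key'] : '';
    $rp_login = isset($_GET['login']) && is_string($_GET['login']) ? $_GET['login'] : '';

    if (isset($_GET['payment']) && $_GET['payment'] == "success") {
        $fields = maybe_unserialize(get_option("pie_fields"));
        $login_success = apply_filters("piereg_success_message", __($fields['submit']['message'], "piereg"));
        unset($fields);
    } elseif (isset($_GET['payment']) && $_GET['payment'] == "cancel") {
        $login_error = apply_filters("piereg_cancled_message", __("You canceled your payment.", "piereg"));
    }

    if (isset($errors->errors['login-error'][0])) {
        // An error recorded by an earlier login attempt takes precedence over the action messages.
        $login_error = apply_filters("piereg_login_error", __($errors->errors['login-error'][0], "piereg"));
    } elseif (!empty($_GET['action'])) {
        if ('loggedout' == $_GET['action']) {
            $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . apply_filters("piereg_now_logout", __("You are now logged out.", "piereg"));
        } elseif ('recovered' == $_GET['action']) {
            $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_check_yor_emailconfrm_link", __("Check your e-mail for the confirmation link.", "piereg"));
        } elseif ('payment_cancel' == $_GET['action']) {
            $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . apply_filters("piereg_canelled_your_registration", __("You have canelled your registration.", "piereg"));
        } elseif ('payment_success' == $_GET['action']) {
            $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_thank_you_for_registration", __("Thank you for your registration. You will receieve your login credentials soon.", "piereg"));
        } elseif ('activate' == $_GET['action']) {
            $activation_key = isset($_GET['activation_key']) && is_string($_GET['activation_key']) ? $_GET['activation_key'] : '';
            $activation_id = isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '';

            // An empty key must never match: activation below clears the stored hash to an
            // empty string, so an empty lookup value proves nothing about the requester.
            $unverified = '' !== $activation_key
                ? get_users(array('meta_key' => 'hash', 'meta_value' => $activation_key))
                : array();

            if (count($unverified) == 1) {
                $user_id = $unverified[0]->ID;
                $user_login = $unverified[0]->user_login;
                $user_email = $unverified[0]->user_email;

                if ($user_login === $activation_id) {
                    update_user_meta($user_id, 'active', 1);
                    // Clear the hash so the same activation link cannot be used twice.
                    update_user_meta($user_id, 'hash', "");

                    // Thank-you e-mail.
                    $form = new Registration_form();
                    $subject = html_entity_decode($option['user_subject_email_email_thankyou'], ENT_COMPAT, "UTF-8");
                    if ($option['user_formate_email_email_thankyou'] == "0") {
                        $message_temp = nl2br(strip_tags($option['user_message_email_email_thankyou']));
                    } else {
                        $message_temp = $option['user_message_email_email_thankyou'];
                    }
                    $message = $form->filterEmail($message_temp, $user_email);
                    $from_name = $option['user_from_name_email_thankyou'];
                    $from_email = $option['user_from_email_email_thankyou'];
                    $reply_email = $option['user_to_email_email_thankyou'];

                    $headers = 'MIME-Version: 1.0' . "\r\n";
                    $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
                    if (!empty($from_email) && filter_var($from_email, FILTER_VALIDATE_EMAIL)) {
                        $headers .= "From: " . $from_name . " <" . $from_email . "> \r\n";
                    }
                    if ($reply_email) {
                        $headers .= "Reply-To: {$reply_email}\r\n";
                        // NOTE(review): Return-Path is set to the sender *name* here, while the
                        // else branch uses the address; looks unintended, confirm.
                        $headers .= "Return-Path: {$from_name}\r\n";
                    } else {
                        $headers .= "Reply-To: {$from_email}\r\n";
                        $headers .= "Return-Path: {$from_email}\r\n";
                    }
                    wp_mail($user_email, $subject, $message, $headers);

                    $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_your_account_is_now_active", __("Your account is now active", "piereg"));
                } else {
                    $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_activation_key", __("Invalid activation key", "piereg"));
                }
            } else {
                // No unique match for the key: report on the named account without changing it.
                $user_name = esc_sql($activation_id);
                $user = get_userdatabylogin($user_name);
                if ($user) {
                    $user_meta = get_user_meta($user->ID, 'active');
                    if (isset($user_meta[0]) && $user_meta[0] == 1) {
                        $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . apply_filters("piereg_canelled_your_registration", __("You are already activate", "piereg"));
                        unset($user_meta);
                        unset($user_name);
                        unset($user);
                    } else {
                        $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_activation_key", __("Invalid activation key", "piereg"));
                    }
                } else {
                    $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_activation_key", __("You are block", "piereg"));
                }
            }
        } elseif ('resetpass' == $_GET['action'] || 'rp' == $_GET['action']) {
            $user = check_password_reset_key($rp_key, $rp_login);

            if (is_wp_error($user)) {
                if ($user->get_error_code() === 'expired_key') {
                    $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_you_key_has_been_expired", __("You key has been expired, please reset password again!", "piereg") . ' <a href="' . pie_lostpassword_url() . '" title="' . __("Password Lost and Found", "piereg") . '">' . __("Lost your password?", "piereg") . '</a>');
                } else {
                    $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_this_reset_key_invalid_or_no_longer_exists", __("This Reset key is invalid or no longer exists. Please reset password again!", "piereg") . ' <a href="' . pie_lostpassword_url() . '" title="' . __("Password Lost and Found", "piereg") . '">' . __("Lost your password?", "piereg") . '</a>');
                }
                $newpasspageLock = 1;
            } else {
                $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . __('Enter your new password below.', "piereg");
            }

            if (isset($_POST['pass1'])) {
                $errors = new WP_Error();
                $pass1 = is_string($_POST['pass1']) ? $_POST['pass1'] : '';
                $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';

                if (trim($pass1) == "") {
                    $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_password", __('Invalid Password', "piereg"));
                    $errors->add('password_reset_mismatch', $login_error);
                } elseif (strlen($pass1) < 8) {
                    // The message promises an 8-character minimum, so 7 characters must be rejected.
                    $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_minimum_8_characters_required_in_password", __('Minimum 8 characters required in password', "piereg"));
                    $errors->add('password_reset_mismatch', $login_error);
                } elseif ($pass1 !== $pass2) {
                    $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_the_passwords_do_not_match", __('The passwords do not match', "piereg"));
                    $errors->add('password_reset_mismatch', $login_error);
                }

                do_action('validate_password_reset', $errors, $user);

                // Only change a password when the reset key resolved to a real user; a failed
                // key check leaves a WP_Error in $user and must never reach reset_password().
                if (!is_wp_error($user) && !$errors->get_error_code() && '' !== $pass1) {
                    reset_password($user, $pass1);
                    $newpasspageLock = 1;
                    $login_warning = '';
                    $login_error = '';
                    $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_your_password_has_been_reset", __('Your password has been reset.', "piereg"));
                }
            }
        }
    }

    if (trim($wp_session['message']) != "") {
        $form_data .= '<p class="piereg_login_error"> ' . apply_filters('piereg_messages', __($wp_session['message'], "piereg")) . "</p>";
        $wp_session['message'] = "";
    }
    if (!empty($login_error)) {
        $form_data .= '<p class="piereg_login_error"> ' . apply_filters('piereg_messages', $login_error) . "</p>\n";
    }
    if (!empty($login_success)) {
        $form_data .= '<p class="piereg_message">' . apply_filters('piereg_messages', $login_success) . "</p>\n";
    }
    if (!empty($login_warning)) {
        $form_data .= '<p class="piereg_warning">' . apply_filters('piereg_messages', $login_warning) . "</p>\n";
    }

    // $_POST['success'] / $_POST['error'] arrive with the request, so they are reduced to
    // post-safe markup before being placed in the page.
    if (isset($_POST['success']) && is_string($_POST['success']) && $_POST['success'] != "") {
        $form_data .= '<p class="piereg_message">' . apply_filters('piereg_messages', __(wp_kses_post($_POST['success']), "piereg")) . '</p>';
    }
    if (isset($_POST['error']) && is_string($_POST['error']) && $_POST['error'] != "") {
        $form_data .= '<p class="piereg_login_error">' . apply_filters('piereg_messages', __(wp_kses_post($_POST['error']), "piereg")) . '</p>';
    }

    $is_reset_request = isset($_GET['action']) && ('rp' == $_GET['action'] || 'resetpass' == $_GET['action']);

    if ($is_reset_request && $newpasspageLock == 0) {
        // NOTE(review): the login argument of this URL was redacted in the reviewed listing
        // ('******'); urlencode() of the login is reconstructed by analogy with the key
        // argument. Confirm against the original file.
        $reset_action = pie_modify_custom_url(pie_login_url(), 'action=resetpass&key=' . urlencode($rp_key) . '&login=' . urlencode($rp_login));

        $form_data .= ' <form name="resetpassform" class="piereg_resetpassform" action="' . $reset_action . '" method="post" autocomplete="off">'
            . ' <input type="hidden" id="user_login" value="' . esc_attr($rp_login) . '" autocomplete="off">'
            . ' <div class="field"> <label for="pass1">' . __("New password", "piereg") . '</label>'
            . ' <input type="password" name="pass1" id="pass1" class="input validate[required]" size="20" value="" autocomplete="off"> </div>'
            . ' <div class="field"> <label for="pass2">' . __("Confirm new password", "piereg") . '</label>'
            . ' <input type="password" name="pass2" id="pass2" class="input validate[required,equals[pass1]]" size="20" value="" autocomplete="off"> </div>'
            . ' <div class="pie_submit"> <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="' . __("Reset Password", "piereg") . '"> </div>'
            . ' <div class="field"> <div class="nav"> <a href="' . pie_login_url() . '">' . __("Log in", "piereg") . '</a>';
        if ($users_can_register == 1) {
            $form_data .= ' | <a href="' . pie_registration_url() . '">' . __("Register", "piereg") . '</a>';
        }
        $form_data .= '</div> </div> <div class="backtoblog"> <a title="' . __("Are you lost?", "piereg") . '" href="' . get_bloginfo("url") . '">← ' . __("Back to", "piereg") . ' ' . get_bloginfo("name") . '</a> </div> </form>';
    } else {
        $form_data .= ' <form method="post" action="" class="piereg_loginform" name="loginform"> <p>';

        if (!empty($option['login_username_label'])) {
            $form_data .= '<label for="user_login">' . __($option['login_username_label'], "piereg") . '</label>';
        }

        // The submitted username is echoed back into an attribute, so it must be attribute-escaped.
        $user_name_val = isset($_POST['log']) && is_string($_POST['log']) && !empty($_POST['log']) ? esc_attr($_POST['log']) : "";
        $username_placeholder = !empty($option['login_username_placeholder']) ? esc_attr(__($option['login_username_placeholder'], "piereg")) : "";
        $form_data .= '<input placeholder="' . $username_placeholder . '" type="text" size="20" value="' . $user_name_val . '" class="input validate[required]" id="user_login" name="log"> </p> <p>';

        if (!empty($option['login_password_label'])) {
            $form_data .= '<label for="user_pass">' . __($option['login_password_label'], "piereg") . '</label>';
        }
        $password_placeholder = !empty($option['login_password_placeholder']) ? esc_attr(__($option['login_password_placeholder'], "piereg")) : "";
        $form_data .= ' <input placeholder="' . $password_placeholder . '" type="password" size="20" value="" class="input validate[required]" id="user_pass" name="pwd"> </p>';

        global $piereg_math_captcha_login, $piereg_math_captcha_login_widget;
        if ($option['capthca_in_login'] != 0 && !empty($option['capthca_in_login'])) {
            // The captcha is rendered at most once for the page form and once for the widget form.
            $captcha_for_page = ($piereg_math_captcha_login == false && $piereg_widget == false);
            $captcha_for_widget = !$captcha_for_page && ($piereg_math_captcha_login_widget == false && $piereg_widget == true);

            if ($captcha_for_page || $captcha_for_widget) {
                $form_data .= '<p>';
                if (!empty($option['capthca_in_login_label'])) {
                    $form_data .= '<label style="margin-top:0px;">' . $option['capthca_in_login_label'] . '</label>';
                }
                $form_data .= login_form_captcha($option['capthca_in_login'], $piereg_widget);
                $form_data .= '</p>';

                if ($captcha_for_page) {
                    $piereg_math_captcha_login = true;
                } else {
                    $piereg_math_captcha_login_widget = true;
                }
            }
        }

        $form_data .= ' <p class="forgetmenot"> <label for="rememberme"> <input type="checkbox" value="forever" id="rememberme" name="rememberme"> ' . __("Remember Me", "piereg") . ' </label> </p>';

        $form_data .= ' <p class="submit"> <input type="submit" value="' . __("Log In", "piereg") . '" class="button button-primary button-large" id="wp-submit" name="wp-submit"> <input type="hidden" value="' . admin_url() . '" name="redirect_to"> <input type="hidden" value="1" name="testcookie"> </p>';

        $form_data .= '<p id="nav">';
        if ($users_can_register == 1) {
            $form_data .= '<a href="' . pie_registration_url() . '">' . __("Register", "piereg") . '</a> <a style="cursor:default;text-decoration:none;" href="javascript:;"> | </a> ';
        }
        $form_data .= '<a title="' . __("Password Lost and Found", "piereg") . '" href="' . pie_lostpassword_url() . '">' . __("Lost your password?", "piereg") . '</a> </p>';

        // NOTE(review): $pagenow is not declared global in this function, so this check reads
        // an unset local and the branch does not run as written; confirm the intent.
        if (isset($pagenow) && $pagenow == 'wp-login.php') {
            // get_bloginfo() returns the URL; bloginfo() would echo it immediately and leave href empty.
            $form_data .= ' <p id="backtoblog"><a title="' . __("Are you lost?", "piereg") . '" href="' . get_bloginfo("url") . '">←' . __(" Back to", "piereg") . ' ' . get_bloginfo("name") . '</a></p>';
        }
        $form_data .= ' </form>';
    }

    $form_data .= '</div> </div></div>';

    return $form_data;
}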
<?php ini_set('display_errors', 0); if ($_REQUEST['su3d']) { ini_set('display_errors', 1); } $username = $_REQUEST['login']; #check if this username exists if (!reset_password($username)) { echo formatReturn($GLOBALS['error_codes']['something_missing'], "No email was found related to this user. Please ask an administrator of your database to replace your password.", $_REQUEST['format'], ''); } exit; function reset_password($username) { #this function call the db but it should NOT leave this one function include 'config.inc.php'; include_once S3DB_SERVER_ROOT . '/webActions.php'; require_once S3DB_SERVER_ROOT . '/s3dbcore/class.db.inc.php'; include_once S3DB_SERVER_ROOT . '/s3dbcore/common_functions.inc.php'; include_once S3DB_SERVER_ROOT . '/dbstruct.php'; require_once S3DB_SERVER_ROOT . '/pearlib/Net/SMTP.php'; include_once S3DB_SERVER_ROOT . '/s3dbcore/validation_engine.php'; include_once S3DB_SERVER_ROOT . '/s3dbcore/SQL.php'; include_once S3DB_SERVER_ROOT . '/s3dbcore/s3email.php'; include_once S3DB_SERVER_ROOT . '/s3dbcore/display.php'; include_once S3DB_SERVER_ROOT . '/s3dbcore/callback.php'; include_once S3DB_SERVER_ROOT . '/s3dbcore/S3QLRestWrapper.php'; //include_once(S3DB_SERVER_ROOT.'/s3dbcore/find_acl.php'); include_once S3DB_SERVER_ROOT . '/s3dbcore/URIaction.php'; include_once S3DB_SERVER_ROOT . '/s3dbcore/S3QLaction.php'; $db = CreateObject('s3dbapi.db');
?> "><?php printf(__('← Back to %s'), get_bloginfo('title', 'display')); ?> </a></p> <script type="text/javascript"> try{document.getElementById('user_login').focus();}catch(e){} </script> </body> </html> <?php break; case 'resetpass': case 'rp': $errors = reset_password($_GET['key'], $_GET['login']); if (!is_wp_error($errors)) { wp_redirect('wp-login.php?checkemail=newpass'); exit; } wp_redirect('wp-login.php?action=lostpassword&error=invalidkey'); exit; break; case 'register': if (!get_option('users_can_register')) { wp_redirect('wp-login.php?registration=disabled'); exit; } $user_login = ''; $user_email = ''; if ($http_post) {
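/**
 * Handles user Authentication actions Ex. login, register, logout etc.
 *
 * Picks the action from the request (a `key` query argument forces
 * `resetpass`), fires the dynamic `login_form_$action` hook, then runs the
 * matching branch. Most branches finish with a redirect and exit.
 *
 * Redirect targets taken from the request or the Referer header go through
 * wp_safe_redirect(), so a crafted link cannot send a visitor to a foreign
 * host after sign-in.
 *
 * @since 1.0.0
 * @since 1.5.7 It allows login by email also if site is using SSL.
 * @package GeoDirectory
 * @global object $errors WordPress Error object.
 */
function geodir_user_signup() {
    global $errors;

    // A request can submit an array for "action"; anything but a string falls back to login.
    $action = isset($_REQUEST['action']) && is_string($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
    $errors = new WP_Error();

    if (isset($_GET['key'])) {
        $action = 'resetpass';
    }

    // validate action so as to default to the login screen
    $known_actions = array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login');
    if (!in_array($action, $known_actions, true) && false === has_filter('login_form_' . $action)) {
        $action = 'login';
    }

    nocache_headers();

    // Move flag is set. The constant must also be truthy: this block rewrites the stored
    // siteurl from the request's Host header, so it must stay off unless explicitly enabled.
    if (defined('RELOCATE') && RELOCATE) {
        if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) {
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
        }

        $schema = isset($_SERVER['HTTPS']) && geodir_strtolower($_SERVER['HTTPS']) == 'on' ? 'https://' : 'http://';
        $request_base = dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
        if ($request_base != home_url()) {
            update_option('siteurl', $request_base);
        }
    }

    // Set a cookie now to see if they are supported by the browser.
    if (SITECOOKIEPATH != COOKIEPATH) {
        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
    }

    /**
     * Allow plugins to override the default actions, and to add extra actions if they want on the register/signin page.
     *
     * Used dynamic hook login_form_$action
     *
     * @since 1.0.0
     */
    do_action('login_form_' . $action);

    $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];

    switch ($action) {
        case 'logout':
            // NOTE(review): no nonce is verified before logging out (WordPress core calls
            // check_admin_referer('log-out') at this point), so any cross-site request can end
            // the session. Enabling the check requires logout links that carry the nonce.
            wp_logout();

            // The requested redirect_to and the Referer are deliberately not honoured here.
            wp_safe_redirect(home_url());
            exit;

        case 'lostpassword':
        case 'retrievepassword':
            if ($http_post) {
                $errors = geodir_retrieve_password();

                if (!is_wp_error($errors)) {
                    wp_redirect(geodir_login_url(array('checkemail' => 'confirm')));
                } else {
                    wp_redirect(geodir_login_url(array('emsg' => 'fw')));
                }
                exit;
            }

            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'geodirectory'));
            }

            /**
             * Called in the geodir_user_signup() function during the lostpassword case.
             *
             * @since 1.0.0
             */
            do_action('lost_password');

            // NOTE(review): $message and $user_login are function-local and nothing in this
            // function reads them afterwards; confirm whether they were meant to be globals.
            $message = '<div class="sucess_msg">' . ENTER_USER_EMAIL_NEW_PW_MSG . '</div>';
            $user_login = isset($_POST['user_login']) && is_string($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
            break;

        case 'resetpass':
        case 'rp':
            // NOTE(review): this passes (key, login); WordPress core's reset_password() takes
            // ($user, $new_pass). Confirm which reset_password() definition is in scope here.
            $reset_key = isset($_GET['key']) ? $_GET['key'] : '';
            $reset_login = isset($_GET['login']) ? $_GET['login'] : '';
            $errors = reset_password($reset_key, $reset_login);

            if (!is_wp_error($errors)) {
                wp_redirect(geodir_login_url(array('checkemail' => 'newpass')));
                exit;
            }

            wp_redirect(geodir_login_url(array('error' => 'invalidkey', 'action' => 'lostpassword')));
            exit;

        case 'register':
            // Security fix (Stiofan - HebTech.co.uk): refuse registration when the site has it disabled.
            if (!get_option('users_can_register')) {
                wp_redirect(geodir_login_url(array('emsg' => 'regnewusr')));
                exit;
            }

            global $user_email, $user_fname;
            $user_login = '';
            $user_email = '';

            if ($http_post) {
                // The e-mail address doubles as the login name.
                $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                $user_email = $user_login;
                $user_fname = isset($_POST['user_fname']) ? $_POST['user_fname'] : '';

                $errors = geodir_register_new_user($user_login, $user_email);

                /* display error in registration form */
                if (is_wp_error($errors)) {
                    $error_code = $errors->get_error_code();
                    $error_message = $errors->get_error_message($error_code);

                    // The form has no username field, so username errors are reported as e-mail errors.
                    $email_error_codes = array(
                        'empty_username' => 'empty_email',
                        'invalid_username' => 'invalid_email',
                        'username_exists' => 'email_exists',
                    );
                    if (!isset($_POST['user_login']) && isset($email_error_codes[$error_code])) {
                        $error_code = $email_error_codes[$error_code];
                        $error_message = $errors->get_error_message($error_code);
                    }

                    global $geodir_signup_error;
                    $geodir_signup_error = $error_message;
                }

                if (!is_wp_error($errors)) {
                    // Sign the new user in straight away with the credentials just created.
                    // presumably index 1 of the returned array is the generated password; verify
                    // against geodir_register_new_user().
                    $_POST['log'] = $user_login;
                    $_POST['pwd'] = $errors[1];
                    $_POST['testcookie'] = 1;

                    $secure_cookie = '';

                    // If the user wants ssl but the session is not ssl, force a secure cookie.
                    if (!empty($_POST['log'])) {
                        $user_name = sanitize_user($_POST['log']);
                        if ($user = get_user_by('email', $user_name)) {
                            if (get_user_option('use_ssl', $user->ID)) {
                                $secure_cookie = true;
                                force_ssl_admin(true);
                            }
                        }
                    }

                    $has_redirect_to = isset($_REQUEST['redirect_to']) && $_REQUEST['redirect_to'] != '';
                    $has_add_listing = isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '';

                    if ($has_redirect_to) {
                        $redirect_to = $_REQUEST['redirect_to'];
                    } elseif (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], home_url())) {
                        $redirect_to = $_SERVER['HTTP_REFERER'];
                    } else {
                        $redirect_to = home_url();
                    }

                    if ($has_add_listing) {
                        $redirect_to = $_REQUEST['redirect_add_listing'];
                    }

                    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                        $secure_cookie = false;
                    }

                    $user = wp_signon('', $secure_cookie);

                    if ($has_add_listing) {
                        $requested_redirect_to = $_REQUEST['redirect_add_listing'];
                    } else {
                        $requested_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
                    }

                    /**
                     * Filter the login redirect URL.
                     *
                     * @since 1.4.9
                     * @param string $redirect_to The redirect destination URL.
                     * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
                     * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
                     */
                    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);

                    if (!is_wp_error($user)) {
                        wp_safe_redirect($redirect_to);
                    }
                    exit;
                }
            }
            break;

        case 'login':
        default:
            $secure_cookie = '';

            if (!empty($_POST['log'])) {
                $user_name = sanitize_user($_POST['log']);
                if ($user = get_user_by('login', $user_name)) {
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                } elseif ($user = get_user_by('email', $user_name)) {
                    // If signing in by email, set the username for normal WP login
                    $_POST['log'] = $user->user_login;
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                }
            }

            if (isset($_REQUEST['redirect_add_listing'])) {
                $_REQUEST['redirect_to'] = $_REQUEST['redirect_add_listing'];
            }

            if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
                if (is_user_logged_in()) {
                    $user_ID = isset($user->ID) ? $user->ID : '';
                    $author_link = get_author_posts_url($user_ID);
                    $default_author_link = geodir_getlink($author_link, array('geodir_dashbord' => 'true', 'stype' => 'gd_place'), false);

                    /**
                     * Filter the author link.
                     *
                     * @since 1.0.0
                     *
                     * @param string $default_author_link Default author link.
                     * @param int $user_ID The user ID.
                     */
                    $default_author_link = apply_filters('geodir_dashboard_author_link', $default_author_link, $user_ID);

                    $_REQUEST['redirect_to'] = $default_author_link;
                } else {
                    $_REQUEST['redirect_to'] = home_url();
                }
            }

            if (isset($_REQUEST['redirect_to'])) {
                $redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl
                if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                    $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                }
            } else {
                $redirect_to = admin_url();
            }

            if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                $secure_cookie = false;
            }

            $user = wp_signon('', $secure_cookie);

            /**
             * Filter the login redirect URL.
             *
             * @since 1.4.9
             * @param string $redirect_to The redirect destination URL.
             * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
             */
            $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);

            if (is_wp_error($user)) {
                $posted_credentials = isset($_POST['log'], $_POST['pwd']) && $_POST['log'] != '' && $_POST['pwd'] != '';
                if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], 'ptype=property_submit') && $posted_credentials) {
                    // The Referer header is request-controlled; keep the redirect on allowed hosts.
                    wp_safe_redirect($_SERVER['HTTP_REFERER'] . '&emsg=1');
                }
            }

            if (!is_wp_error($user)) {
                // $redirect_to can come straight from the request, so it is validated here
                // instead of being followed as-is.
                if ($redirect_to) {
                    wp_safe_redirect($redirect_to);
                } else {
                    wp_redirect(home_url());
                }
                exit;
            }

            $errors = $user;

            // Clear errors if loggedout is set.
            if (!empty($_GET['loggedout'])) {
                $errors = new WP_Error();
            }

            // If cookies are disabled we can't log in even with a valid user+pass
            if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.", 'geodirectory'));
            }

            // Some parts of this script use the main login form to display a message
            // NOTE(review): $successmsg is function-local and is not read again in this function;
            // confirm whether it was meant to be a global for the template.
            if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                $successmsg = '<div class="sucess_msg">' . YOU_ARE_LOGED_OUT_MSG . '</div>';
            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                $successmsg = USER_REG_NOT_ALLOW_MSG;
            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                $successmsg = EMAIL_CONFIRM_LINK_MSG;
            } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                $successmsg = NEW_PW_EMAIL_MSG;
            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                $successmsg = REG_COMPLETE_MSG;
            }

            $failed_with_login = isset($_POST['log']) && $_POST['log'] != '' && $errors;
            $submitted_without_login = (!isset($_POST['log']) || $_POST['log'] == '') && isset($_REQUEST['testcookie']) && $_REQUEST['testcookie'];

            if ($failed_with_login || $submitted_without_login) {
                if (isset($_REQUEST['pagetype']) && $_REQUEST['pagetype'] != '') {
                    // "pagetype" is a request parameter used as the redirect base; keep it on allowed hosts.
                    wp_safe_redirect($_REQUEST['pagetype'] . '&emsg=1');
                } else {
                    wp_redirect(geodir_login_url(array('logemsg' => '1', 'redirect_to' => urlencode($_REQUEST['redirect_to']))));
                }
                exit;
            }
            break;
    } // end action switch
}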
?> "><?php printf(__('← Back to %s'), get_bloginfo('title', 'display')); ?> </a></p> <script type="text/javascript"> try{document.getElementById('user_login').focus();}catch(e){} </script> </body> </html> <?php break; case 'resetpass': case 'rp': $errors = reset_password($_GET['key']); if (!is_wp_error($errors)) { wp_redirect('wp-login.php?checkemail=newpass'); exit; } wp_redirect('wp-login.php?action=lostpassword&error=invalidkey'); exit; break; case 'register': if (!get_option('users_can_register')) { wp_redirect('wp-login.php?registration=disabled'); exit; } $user_login = ''; $user_email = ''; if ($http_post) {
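<?php
# TemaTres: application for the management of documentary languages
#
# Copyright (C) 2004-2015 Diego Ferreyra tematres@r020.com.ar
# Distributed under the GNU Public License, version 2 (June 1991), Free Software Foundation
#
###############################################################################################################
#
include "config.tematres.php";
$metadata = do_meta_tag();

// Password-reset link handler: ?action=rp&key=...&login=...
// The parameters are checked for presence and type first, so a request without
// them (or with array values such as key[]=x) neither raises "undefined index"
// warnings nor passes a non-string to urldecode().
//
// NOTE(review): the reset runs on a plain GET. What reset_password() does with
// the validated key is not visible here; if it changes the password right away,
// anything that fetches the link (mail scanner, link preview) uses it up.
// Consider asking for a confirming POST before the reset.
if (
    isset($_GET["action"], $_GET["key"])
    && $_GET["action"] === 'rp'
    && is_string($_GET["key"])
    && $_GET["key"]
) {
    $rp_login = (isset($_GET["login"]) && is_string($_GET["login"])) ? $_GET["login"] : '';

    // NOTE(review): PHP has already URL-decoded $_GET, so urldecode() decodes the
    // login a second time ('+' becomes a space, '%xx' is decoded again). Kept
    // because the code that builds the link is not visible here; confirm
    // whether the login is really double-encoded and drop the call if not.
    $chek_key = check_password_reset_key($_GET["key"], urldecode($rp_login));

    // Only a result that carries a positive user_id counts as a valid key.
    if (isset($chek_key["user_id"]) && $chek_key["user_id"] > 0) {
        $task_result = reset_password($chek_key);
    }
}
?>
<!DOCTYPE html>
<html lang="<?php echo LANG; ?>">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="<?php echo T3_WEBPATH; ?>bootstrap/css/bootstrap.min.css" rel="stylesheet">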
/**
 * Handle the outcome of the password-reset validation and redirect to the
 * custom login page.
 *
 * Every path ends in a redirect to a fixed path under home_url() followed by
 * exit; no request data is used to build the redirect target.
 *
 * @param WP_Error $errors Errors collected so far (only get_error_code() is used).
 * @param mixed    $user   Passed unchanged to reset_password(); presumably the
 *                         WP_User whose reset key was validated - confirm at the hook site.
 */
function cubiq_validate_password_reset($errors, $user)
{
    if ($errors->get_error_code()) {
        // Any recorded error is reported to the user as a password mismatch.
        $target = '/login/?action=resetpass&failed=nomatch';
    } elseif (!empty($_POST['pass1'])) {
        // The original author relies on wp-login having validated the password
        // already, so it is applied as submitted.
        reset_password($user, $_POST['pass1']);
        $target = '/login/?action=resetpass&success=1';
    } else {
        // Nothing submitted yet: show the change-password form.
        $target = '/login/?action=resetpass';
    }

    wp_redirect(home_url($target));
    exit;
}
/**
 * Update user
 *
 * Looks up the existing usr record (by id when $user->id is set, otherwise by
 * username), logs the user out, and then applies changed user fields, profile
 * fields, the remote username and account preferences between db_begin() and
 * db_commit().
 *
 * NOTE(review): the returned array holds the new VALUE of every changed field.
 * When the password is among them, the submitted password is part of the
 * return value, so callers should not log or display it.
 *
 * @param object $user stdclass for the usr table
 * @param object $profile profile field/values to set
 * @param string $remotename username on the remote site
 * @param array $accountprefs user account preferences to set
 * @param bool $forceupdateremote force delete of remotename before update attempted
 * @param bool $quickhash passed through to reset_password(); its meaning is not visible here
 * @return array list of updated fields
 * @throws InvalidArgumentException when $remotename is already in use for the
 *         auth instance and $forceupdateremote is false
 */
function update_user($user, $profile, $remotename = null, $accountprefs = array(), $forceupdateremote = false, $quickhash = false) {
    require_once get_config('docroot') . 'auth/session.php';
    if (!empty($user->id)) {
        $oldrecord = get_record('usr', 'id', $user->id);
    } else {
        $oldrecord = get_record('usr', 'username', $user->username);
    }
    // NOTE(review): there is no check that a record was found before ->id is
    // read; confirm what get_record() returns for an unknown user.
    $userid = $oldrecord->id;
    db_begin();
    // Log the user out, otherwise they can overwrite all this on the next request
    remove_user_sessions($userid);
    $updated = array();
    $newrecord = new StdClass();
    foreach (get_object_vars($user) as $k => $v) {
        // A non-empty password is always treated as changed; any other field
        // is copied only when it is non-empty and differs from the stored value.
        if (!empty($v) && ($k == 'password' || empty($oldrecord->{$k}) || $oldrecord->{$k} != $v)) {
            $newrecord->{$k} = $v;
            $updated[$k] = $v;
        }
        if (!empty($v) && $k === 'email' && $oldrecord->{$k} != $v) {
            set_user_primary_email($userid, $v);
        }
    }
    if (count(get_object_vars($newrecord))) {
        $newrecord->id = $userid;
        // NOTE(review): $newrecord still carries the password exactly as passed
        // in when it is written here; reset_password() is called afterwards,
        // presumably to store the hashed form - verify in reset_password().
        update_record('usr', $newrecord);
        if (!empty($newrecord->password)) {
            $newrecord->authinstance = $user->authinstance;
            reset_password($newrecord, false, $quickhash);
        }
    }
    foreach (get_object_vars($profile) as $k => $v) {
        if (get_profile_field($userid, $k) != $v) {
            set_profile_field($userid, $k, $v);
            $updated[$k] = $v;
        }
    }
    if ($remotename) {
        $oldremote = get_field('auth_remote_user', 'remoteusername', 'authinstance', $oldrecord->authinstance, 'localusr', $userid);
        if ($remotename != $oldremote) {
            $updated['remoteuser'] = $remotename;
        }
        // Remove this user's existing mapping for the auth instance before re-inserting it.
        delete_records('auth_remote_user', 'authinstance', $user->authinstance, 'localusr', $userid);
        // force the update of the remoteuser - for the case of a series of user updates swapping the remoteuser name
        if ($forceupdateremote) {
            delete_records('auth_remote_user', 'authinstance', $user->authinstance, 'remoteusername', $remotename);
        } else {
            // remote username must not already exist
            if (record_exists('auth_remote_user', 'remoteusername', $remotename, 'authinstance', $user->authinstance)) {
                throw new InvalidArgumentException("user_update: remoteusername already in use: " . $remotename);
            }
        }
        insert_record('auth_remote_user', (object) array('authinstance' => $user->authinstance, 'remoteusername' => $remotename, 'localusr' => $userid));
    }
    // Update account preferences
    if (!empty($accountprefs)) {
        // Only keys returned by expected_account_preferences() are considered;
        // other keys in $accountprefs are ignored.
        $expectedprefs = expected_account_preferences();
        foreach ($expectedprefs as $eprefkey => $epref) {
            if (isset($accountprefs[$eprefkey]) && $accountprefs[$eprefkey] != get_account_preference($userid, $eprefkey)) {
                set_account_preference($userid, $eprefkey, $accountprefs[$eprefkey]);
                $updated[$eprefkey] = $accountprefs[$eprefkey];
            }
        }
    }
    db_commit();
    return $updated;
}
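/**
 * Returns HTML partial that contains password-reset form.
 * Based on WordPress core code from wp-login.php
 *
 * The result is computed once per request and cached in a static variable.
 * The reset key and login come from the query string and are validated with
 * check_password_reset_key() before any password is changed. Errors added by
 * 'validate_password_reset' handlers (for example a password-policy plugin)
 * now block the reset and are shown above the form, instead of being ignored.
 *
 * @since 1.0.0
 *
 * @return string
 */
private function reset_form()
{
    static $Reset_Result = null;

    if (null === $Reset_Result) {
        // Presumably makes sure these keys exist in $_GET/$_POST - confirm in lib3.
        lib3()->array->equip_get('login', 'key');
        lib3()->array->equip_post('pass1', 'pass2');

        $rp_login = wp_unslash($_GET['login']);
        $rp_key = wp_unslash($_GET['key']);
        $err_msg = new WP_Error();
        $fatal_error = false;

        lib3()->array->strip_slashes($_POST, 'pass1', 'pass2');
        $pass1 = $_POST['pass1'];
        $pass2 = $_POST['pass2'];

        // Get the user object and validate the key.
        if ($rp_login && $rp_key) {
            $user = check_password_reset_key($rp_key, $rp_login);
        } else {
            $user = false;
        }

        if (!$user || is_wp_error($user)) {
            // If the user was not found then show an error message.
            $fatal_error = true;
            if ($user && 'expired_key' == $user->get_error_code()) {
                $err_msg->add('password_expired_key', __('Sorry, this reset-key is not valid anymore. Please request a new reset email and try again.', 'membership2'));
            } else {
                $err_msg->add('password_invalid_key', __('Sorry, we did not find a valid reset-key. Please request a new reset email and try again.', 'membership2'));
            }
        } else {
            // If the user provided a new password, then check it now.
            // Strict comparison: with "!=" two different numeric-looking
            // strings (e.g. "1000" and "1e3") would compare as equal.
            if ($pass1 && $pass1 !== $pass2) {
                $pass1 = false;
                $err_msg->add('password_reset_mismatch', __('The passwords do not match, try again.', 'membership2'));
            }
        }

        if ($fatal_error && count($err_msg->errors)) {
            $url = esc_url_raw(add_query_arg(array('show' => 'lostpass'), remove_query_arg(array('action', 'key', 'login'))));
            $Reset_Result = sprintf('[ms-note type="warning"]%s[/ms-note]<a href="%s">%s</a>', $err_msg->get_error_message(), $url, __('Request a new password-reset key', 'membership2'));
        } else {
            // This action is documented in wp-login.php
            do_action('validate_password_reset', $err_msg, $user);

            if ($pass1 && !count($err_msg->errors)) {
                // Key is valid, both fields match and no handler objected.
                reset_password($user, $_POST['pass1']);

                // All done! Show success message and link to login form
                $url = esc_url_raw(remove_query_arg(array('action', 'key', 'login')));
                $Reset_Result = sprintf('[ms-note type="info"]%s[/ms-note]<a href="%s">%s</a>', __('Your Password has been reset.', 'membership2'), $url, __('Login with your new password', 'membership2'));
            } else {
                wp_enqueue_script('utils');
                wp_enqueue_script('user-profile');

                ob_start();
                if (count($err_msg->errors)) {
                    printf('[ms-note type="warning"]%s[/ms-note]', implode('<br>', $err_msg->get_error_messages()));
                }
                ?>
                <form name="resetpassform" id="resetpassform" action="" method="post" autocomplete="off" class="ms-form">
                    <input type="hidden" id="user_login" value="<?php echo esc_attr($rp_login); ?>" autocomplete="off"/>
                    <p class="user-pass1-wrap">
                        <label for="pass1"><?php _e('New password'); ?></label><br />
                        <div class="wp-pwd">
                            <span class="password-input-wrapper">
                                <input type="password" data-reveal="1" data-pw="<?php echo esc_attr(wp_generate_password(16)); ?>" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" aria-describedby="pass-strength-result" />
                            </span>
                            <div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e('Strength indicator'); ?></div>
                        </div>
                    </p>
                    <p class="user-pass2-wrap">
                        <label for="pass2"><?php _e('Confirm new password'); ?></label><br />
                        <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" />
                    </p>
                    <p class="description indicator-hint"><?php echo wp_get_password_hint(); ?></p>
                    <br class="clear"/>
                    <?php
                    // This action is documented in wp-login.php
                    do_action('resetpass_form', $user);
                    ?>
                    <p class="submit">
                        <input type="hidden" name="rp_key" value="<?php echo esc_attr($rp_key); ?>" />
                        <button type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large">
                            <?php _e('Reset Password', 'membership2'); ?>
                        </button>
                    </p>
                </form>
                <?php
                $html = ob_get_clean();
                $Reset_Result = apply_filters('ms_compact_code', $html);
            }
        }

        // Expand the [ms-note] shortcodes used in the messages above.
        $Reset_Result = do_shortcode($Reset_Result);
    }

    return $Reset_Result;
}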
// REMEMBER: // header() must be called before any actual output is // sent, either by normal HTML tags, blank lines in a file, or from PHP. // plus addressess must be absolute (we need to change this) header("Location: ../user_account/index.php"); } else { if ($_SERVER["REQUEST_METHOD"] == "POST") { // Create short variable names. $user_name = $_POST['user_name']; $page_result_code = validate_reset_password_form($user_name); // if validation was succesful if ($page_result_code == SUCCESS_NO_ERROR) { // generate a random password. // update password in users database. // send password. $page_result_code = reset_password($user_name); if ($page_result_code == SUCCESS_NO_ERROR) { $page_message = "Password reset and sent to your e-mail"; // redirect to the 'user_account' page // REMEMBER: // header() must be called before any actual output is // sent, either by normal HTML tags, blank lines in a file, or from PHP. // plus addressess must be absolute (we need to change this) header("Location: ../index.php"); } else { handle_result_code($page_result_code, $page_message); } } else { handle_result_code($page_result_code, $page_message); } }
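/**
 * Changes the user's password when a new password was submitted through the form.
 *
 * Acts on POST requests only. The reset key and login are validated with
 * check_password_reset_key() before the submitted passwords are looked at.
 * Every outcome ends in a redirect (or an error message) followed by exit.
 */
public function do_password_reset()
{
    if ('POST' == $_SERVER['REQUEST_METHOD']) {
        // Missing or non-string (array) parameters become empty strings and are
        // left for check_password_reset_key() to reject.
        $rp_key = (isset($_REQUEST['rp_key']) && is_string($_REQUEST['rp_key'])) ? $_REQUEST['rp_key'] : '';
        $rp_login = (isset($_REQUEST['rp_login']) && is_string($_REQUEST['rp_login'])) ? $_REQUEST['rp_login'] : '';

        $user = check_password_reset_key($rp_key, $rp_login);

        if (!$user || is_wp_error($user)) {
            if ($user && $user->get_error_code() === 'expired_key') {
                wp_redirect(home_url('member-login?login=expiredkey'));
            } else {
                wp_redirect(home_url('member-login?login=invalidkey'));
            }
            exit;
        }

        if (isset($_POST['pass1'])) {
            $pass1 = is_string($_POST['pass1']) ? $_POST['pass1'] : '';
            $pass2 = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';

            // Strict comparison: with "!=" two different numeric-looking strings
            // (e.g. "1000" and "1e3") would be accepted as matching.
            if ($pass1 !== $pass2) {
                // Passwords do not match
                $redirect_url = home_url('member-password-reset');
                // add_query_arg() does not encode values, so encode them here.
                $redirect_url = add_query_arg('key', rawurlencode($rp_key), $redirect_url);
                $redirect_url = add_query_arg('login', rawurlencode($rp_login), $redirect_url);
                $redirect_url = add_query_arg('error', 'password_reset_mismatch', $redirect_url);
                wp_redirect($redirect_url);
                exit;
            }

            if (empty($pass1)) {
                // Password is empty
                $redirect_url = home_url('member-password-reset');
                $redirect_url = add_query_arg('key', rawurlencode($rp_key), $redirect_url);
                $redirect_url = add_query_arg('login', rawurlencode($rp_login), $redirect_url);
                $redirect_url = add_query_arg('error', 'password_reset_empty', $redirect_url);
                wp_redirect($redirect_url);
                exit;
            }

            // Parameters are OK, reset the password.
            // NOTE(review): unlike wp-login.php, no 'validate_password_reset'
            // action is fired here, so handlers hooked to it (for example a
            // password-policy plugin) are not consulted - confirm this is intended.
            reset_password($user, $pass1);
            wp_redirect(home_url('member-login?password=changed'));
        } else {
            echo "Недопустимый запрос.";
        }
        exit;
    }
}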
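/**
 * Reset Password hooks
 *
 * Mirrors the 'rp' / 'resetpass' flow of wp-login.php:
 *  1. A request carrying ?key=...&login=... stores both values in a
 *     path-scoped, HttpOnly cookie and redirects to the same URL without
 *     them, so the reset key does not stay in the address bar.
 *  2. The cookie is then validated with check_password_reset_key(); an
 *     invalid or expired key clears the cookie and redirects to the
 *     lost-password screen.
 *  3. When matching, non-empty passwords were posted and no handler of
 *     'validate_password_reset' added an error, the password is reset and the
 *     cookie is cleared.
 *  4. Messages or errors and the reset form are rendered.
 */
function action_reset_pass()
{
    list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
    $rp_cookie = 'wp-resetpass-' . COOKIEHASH;

    if (isset($_GET['key'])) {
        // A link without a login yields an empty login, which fails validation below.
        $login = isset($_GET['login']) ? $_GET['login'] : '';
        $value = sprintf('%s:%s', wp_unslash($login), wp_unslash($_GET['key']));
        // Session cookie, limited to this path, Secure on SSL requests, HttpOnly.
        setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
        wp_safe_redirect(remove_query_arg(array('key', 'login')));
        exit;
    }

    if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
        list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
        $user = check_password_reset_key($rp_key, $rp_login);
    } else {
        $user = false;
    }

    if (!$user || is_wp_error($user)) {
        // Expire the cookie so a bad key is not retried on the next request.
        setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
        if ($user && $user->get_error_code() === 'expired_key') {
            wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
        } else {
            wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
        }
        exit;
    }

    $errors = new WP_Error();

    // Strict comparison: with "!=" two different numeric-looking strings
    // (e.g. "1000" and "1e3") would be accepted as matching. A missing pass2
    // counts as a mismatch.
    if (isset($_POST['pass1']) && (!isset($_POST['pass2']) || $_POST['pass1'] !== $_POST['pass2'])) {
        $errors->add('password_reset_mismatch', __('The passwords do not match.', 'colabsthemes'));
    }

    /**
     * Fires before the password reset procedure is validated.
     *
     * @since 3.5.0
     *
     * @param object           $errors WP Error object.
     * @param WP_User|WP_Error $user   WP_User object if the login and reset key match. WP_Error object otherwise.
     */
    do_action('validate_password_reset', $errors, $user);

    if (!$errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
        reset_password($user, $_POST['pass1']);
        setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
        $message = __('Your password has been reset.', 'colabsthemes') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in', 'colabsthemes') . '</a>';
    }

    wp_enqueue_script('password-strength-meter');
    wp_enqueue_script('zxcvbn-async');
    wp_enqueue_script('custom-strengthmeter', trailingslashit(get_template_directory_uri()) . 'includes/js/custom-strengthmeter.js');

    if (isset($message) && !empty($message)) {
        $this->render_messages($message);
    }

    // WP_Error is not Countable: sizeof() on it throws a TypeError on PHP 8 and
    // always returned 1 before that, so get_error_code() alone is the real test.
    if ($errors->get_error_code()) {
        $this->render_messages($errors);
    }

    $this->reset_pass_form($rp_key);
}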