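/**
 * Reset the password and sign the user on.
 *
 * The user has entered his or her new password. It should be entered
 * twice -- just in case...
 * If both entries match, the new password is stored in the database and
 * the user is logged in.
 *
 * Checks run in this order: form nonce, retrieval code, then the two
 * password fields. The first two abort immediately; the password checks
 * send the user back to the 'enter_new_password' widget task.
 *
 * @return \WP_Error event: a single 'nonce' or 'security' error when a
 *                   security check fails, otherwise a collection holding
 *                   either a password warning or whatever
 *                   Handlers::sign_on() reported
 */
public static function handle_reset_password() {
    // Prevent Cross-Site-Request-Forgery
    if (!Handlers::is_nonce_ok('new_password_form')) {
        return new \WP_Error('nonce', __('There seems to be a security issue. Please do not continue, but inform us!', 'YALW'), 'error');
    }

    // Prevent users from obtaining rights of other users.
    // The submitted code must be a string and must equal the stored code exactly.
    // A loose `!=` would accept an empty submission whenever no code is on record
    // (what get_retrieval_code() returns in that case is not visible here), and
    // would treat numeric-looking strings such as '1e3' and '1000' as equal.
    $stored_code = Handlers::get_retrieval_code(Session::get_user_login());
    $stored_code = is_scalar($stored_code) ? (string) $stored_code : '';
    $submitted_code = isset($_POST['YALW_code']) ? $_POST['YALW_code'] : null;

    $code_is_valid = $stored_code !== ''
        && is_string($submitted_code)
        && hash_equals($stored_code, $submitted_code); // constant-time comparison of the secret

    if (!$code_is_valid) {
        return new \WP_Error('security', __('I\'m sorry, Dave. I\'m afraid I can\'t do that.', 'YALW'), 'error');
    }

    // Missing or non-string fields (e.g. an array sent as YALW_new_password[]) are
    // normalised to '' so they fall into the existing "empty" / "mismatch" branches
    // instead of reaching wp_set_password().
    $new_password = (isset($_POST['YALW_new_password']) && is_string($_POST['YALW_new_password']))
        ? $_POST['YALW_new_password']
        : '';
    $control_password = (isset($_POST['YALW_control_password']) && is_string($_POST['YALW_control_password']))
        ? $_POST['YALW_control_password']
        : '';

    $events = new \WP_Error();

    if (empty($new_password)) { // password empty?
        Session::set_next_widget_task('enter_new_password');
        $events->add('password_empty', __('The password cannot be empty.', 'YALW'), 'warn');
    } elseif ($new_password !== $control_password) { // password mismatch? (strict: no type juggling)
        Session::set_next_widget_task('enter_new_password');
        $events->add('password_mismatch', __('The passwords are not the same. Please re-enter.', 'YALW'), 'warn');
    } else { // set new password and login
        // The value is passed on exactly as received, so the stored password and the
        // one used for the sign-on below stay identical.
        // NOTE(review): nothing in this method invalidates the retrieval code after a
        // successful reset -- confirm that this happens elsewhere.
        wp_set_password($new_password, Session::get_user_id());
        $tmp_error = Handlers::sign_on(Session::get_user_login(), $new_password);
        $events->add($tmp_error->get_error_code(), $tmp_error->get_error_message(), Handlers::get_event_type($tmp_error));
    }

    return $events;
}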