private function callback_new_password() { global $wpdb; $form = wpsc_get_password_reminder_form_args(); $validation = wpsc_validate_form($form); do_action('lostpassword_post'); if (is_wp_error($validation)) { wpsc_set_validation_errors($validation); return; } extract($_POST, EXTR_SKIP); $username = $_POST['username']; $field = is_email($username) ? $field = 'email' : 'login'; $user_data = get_user_by($field, $username); if (!$user_data) { $this->message_collection->add(__('Invalid username or email.', 'wp-e-commerce'), 'error'); return; } $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if (!$allow) { wpsc_set_validation_errors(new WP_Error('username', __('Password reset is not allowed for this user', 'wp-e-commerce'))); } else { if (is_wp_error($allow)) { wpsc_set_validation_errors($allow); } } $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM {$wpdb->users} WHERE user_login = %s", $user_login)); if (empty($key)) { // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login)); } $message = __('Someone requested that the password be reset for the following account:', 'wp-e-commerce') . "\r\n\r\n"; $message .= home_url('/') . "\r\n\r\n"; $message .= sprintf(__('Username: %s', 'wp-e-commerce'), $user_login) . "\r\n\r\n"; $message .= __('If this was a mistake, just ignore this email and nothing will happen.', 'wp-e-commerce') . "\r\n\r\n"; $message .= __('To reset your password, visit the following address:', 'wp-e-commerce') . "\r\n\r\n"; $message .= '<' . wpsc_get_password_reminder_url("reset/{$user_login}/{$key}") . ">\r\n"; if (is_multisite()) { $blogname = $GLOBALS['current_site']->site_name; } else { $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); } $title = sprintf(__('[%s] Password Reset', 'wp-e-commerce'), $blogname); $title = apply_filters('wpsc_retrieve_password_title', $title); $message = apply_filters('wpsc_retrieve_password_message', $message, $key); if ($message && !wp_mail($user_email, $title, $message)) { $this->message_collection->add(__("Sorry, but due to an unexpected technical issue, we couldn't send you the e-mail containing password reset directions. Most likely the web host we're using has disabled e-mail features. Please contact us and we'll help you fix this. Or you can simply try again later.", 'wp-e-commerce'), 'error'); // by "us", we mean the site owner. } $this->message_collection->add(__("We just sent you an e-mail containing directions to reset your password. If you don't receive it in a few minutes, check your Spam folder or simply try again.", 'wp-e-commerce'), 'success'); }
function wpsc_get_password_reminder_form() { $args = wpsc_get_password_reminder_form_args(); return apply_filters('wpsc_get_password_reminder_form', wpsc_get_form_output($args)); }