Exemplo n.º 1
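 /**
  * Email login credentials to a newly-registered user.
  *
  * A new user registration notification is always sent to the admin email.
  * When $notify is 'both', the user also receives a mail with a one-time link
  * for setting a password.
  *
  * Only a hash of the reset key is written to the users table, prefixed with
  * the time it was created. The plain key leaves this function twice: through
  * the 'retrieve_password_key' action and inside the e-mailed link. Anything
  * hooked to that action, and every system the mail passes through, can read it.
  *
  * @since 0.0.1
  *
  * @global hqdb         $hqdb      HiveQueen database object for queries.
  * @global PasswordHash $hq_hasher Portable PHP password hashing framework instance.
  *
  * @param int    $user_id    User ID.
  * @param null   $deprecated Not used (argument deprecated).
  * @param string $notify     Optional. Type of notification that should happen. Accepts 'admin' or an empty
  *                           string (admin only), or 'both' (admin and user). The empty string value was kept
  *                           for backward-compatibility purposes with the renamed parameter. Default empty.
  */
 function hq_new_user_notification($user_id, $deprecated = null, $notify = '')
 {
     if ($deprecated !== null) {
         _deprecated_argument(__FUNCTION__, '4.3.1');
     }
     global $hqdb, $hq_hasher;
     $user = get_userdata($user_id);
     if (!$user) {
         // No such user: without this guard the admin would get a notification with
         // empty fields and the key update below would run against an empty login.
         return;
     }
     // The blogname option is escaped with esc_html on the way into the database in sanitize_option
     // we want to reverse this for the plain text arena of emails.
     $blogname = hq_specialchars_decode(get_option('blogname'), ENT_QUOTES);
     $message = sprintf(__('New user registration on your site %s:'), $blogname) . "\r\n\r\n";
     $message .= sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n";
     $message .= sprintf(__('E-mail: %s'), $user->user_email) . "\r\n";
     // Best effort: a failed admin notification must not block the user's own mail.
     @hq_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), $blogname), $message);
     if ('admin' === $notify || empty($notify)) {
         return;
     }
     // Generate something random for a password reset key.
     $key = hq_generate_password(20, false);
     /** This action is documented in hq-login.php */
     do_action('retrieve_password_key', $user->user_login, $key);
     // Now insert the key, hashed, into the DB.
     if (empty($hq_hasher)) {
         require_once ABSPATH . HQINC . '/class-phpass.php';
         $hq_hasher = new PasswordHash(8, true);
     }
     // The timestamp prefix presumably lets the code that consumes the key expire it - confirm there.
     $hashed = time() . ':' . $hq_hasher->HashPassword($key);
     // NOTE(review): the result of update() is not checked, so a failed write still
     // sends a link whose key was never stored.
     $hqdb->update($hqdb->users, array('user_activation_key' => $hashed), array('user_login' => $user->user_login));
     $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n";
     $message .= __('To set your password, visit the following address:') . "\r\n\r\n";
     // rawurlencode() keeps a login containing spaces, '&', '#' or '+' from breaking
     // or altering the query string of the link.
     $message .= '<' . network_site_url("hq-login.php?action=rp&key={$key}&login=" . rawurlencode($user->user_login), 'login') . ">\r\n\r\n";
     $message .= hq_login_url() . "\r\n";
     hq_mail($user->user_email, sprintf(__('[%s] Your username and password info'), $blogname), $message);
 }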
Exemplo n.º 2
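/**
 * Handles sending password retrieval email to user.
 *
 * Reads the account identifier from $_POST['user_login'] (a login name or an
 * e-mail address), stores a hashed one-time reset key for the matching user
 * and mails that user a link containing the plain key.
 *
 * Only the hash of the key is stored. The plain key is exposed to the
 * 'retrieve_password_key' action, to the 'retrieve_password_message' filter
 * and to the mail transport.
 *
 * @global hqdb         $hqdb      HiveQueen database abstraction object.
 * @global PasswordHash $hq_hasher Portable PHP password hashing framework.
 *
 * @return bool|HQ_Error True when finished. HQ_Error on invalid input, when the reset is
 *                       not allowed, or when the key could not be saved.
 */
function retrieve_password()
{
    global $hqdb, $hq_hasher;
    $errors = new HQ_Error();
    // Request parameters can arrive as arrays (user_login[]=...); strpos() and trim()
    // below require a string, so anything else is treated like a missing value.
    if (empty($_POST['user_login']) || !is_string($_POST['user_login'])) {
        $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
    } elseif (strpos($_POST['user_login'], '@')) {
        // A value starting with '@' gives position 0, which is falsy, and is
        // therefore looked up as a login name in the else branch.
        $user_data = get_user_by('email', trim($_POST['user_login']));
        if (empty($user_data)) {
            // NOTE(review): this distinct error tells the requester whether an address is
            // registered. A uniform response would avoid that disclosure. It is left
            // unchanged here because callers may depend on the error code.
            $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
        }
    } else {
        $login = trim($_POST['user_login']);
        $user_data = get_user_by('login', $login);
    }
    /**
     * Fires before errors are returned from a password reset request.
     *
     * @since 0.0.1
     */
    do_action('lostpassword_post');
    if ($errors->get_error_code()) {
        return $errors;
    }
    if (!$user_data) {
        $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
        return $errors;
    }
    // Redefining user_login ensures we return the right case in the email.
    $user_login = $user_data->user_login;
    $user_email = $user_data->user_email;
    /**
     * Fires before a new password is retrieved.
     *
     * Misspelled variant of the 'retrieve_password' hook, fired in addition to it,
     * presumably for listeners registered under the old name.
     *
     * @since 0.0.1
     *
     * @param string $user_login The user login name.
     */
    do_action('retreive_password', $user_login);
    /**
     * Fires before a new password is retrieved.
     *
     * @since 0.0.1
     *
     * @param string $user_login The user login name.
     */
    do_action('retrieve_password', $user_login);
    /**
     * Filter whether to allow a password to be reset.
     *
     * @since 0.0.1
     *
     * @param bool true           Whether to allow the password to be reset. Default true.
     * @param int  $user_data->ID The ID of the user attempting to reset a password.
     */
    $allow = apply_filters('allow_password_reset', true, $user_data->ID);
    if (!$allow) {
        return new HQ_Error('no_password_reset', __('Password reset is not allowed for this user'));
    } elseif (is_hq_error($allow)) {
        // A filter may return its own HQ_Error to explain the refusal.
        return $allow;
    }
    // Generate something random for a password reset key.
    $key = hq_generate_password(20, false);
    /**
     * Fires when a password reset key is generated.
     *
     * @since 0.0.1
     *
     * @param string $user_login The username for the user.
     * @param string $key        The generated password reset key.
     */
    do_action('retrieve_password_key', $user_login, $key);
    // Now insert the key, hashed, into the DB.
    if (empty($hq_hasher)) {
        require_once ABSPATH . HQINC . '/class-phpass.php';
        $hq_hasher = new PasswordHash(8, true);
    }
    // The timestamp prefix presumably lets the code that consumes the key expire it - confirm there.
    $hashed = time() . ':' . $hq_hasher->HashPassword($key);
    $key_saved = $hqdb->update($hqdb->users, array('user_activation_key' => $hashed), array('user_login' => $user_login));
    if (false === $key_saved) {
        // Do not mail a link whose key was never stored. The strict comparison keeps
        // "0 rows changed" from counting as a failure.
        return new HQ_Error('no_password_key_update', __('Could not save password reset key to database.'));
    }
    $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
    $message .= network_home_url('/') . "\r\n\r\n";
    $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
    $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
    $message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
    // rawurlencode() keeps a login containing spaces, '&', '#' or '+' from breaking
    // or altering the query string of the link.
    $message .= '<' . network_site_url("hq-login.php?action=rp&key={$key}&login=" . rawurlencode($user_login), 'login') . ">\r\n";
    // TODO (Goyo): multisite is not supported, so the multisite branch is disabled.
    //if ( is_multisite() )
    if (false) {
        $blogname = $GLOBALS['current_site']->site_name;
    } else {
        /*
         * The blogname option is escaped with esc_html on the way into the database
         * in sanitize_option we want to reverse this for the plain text arena of emails.
         */
        $blogname = hq_specialchars_decode(get_option('blogname'), ENT_QUOTES);
    }
    $title = sprintf(__('[%s] Password Reset'), $blogname);
    /**
     * Filter the subject of the password reset email.
     *
     * @since 0.0.1
     *
     * @param string $title Default email title.
     */
    $title = apply_filters('retrieve_password_title', $title);
    /**
     * Filter the message body of the password reset mail.
     *
     * @since 0.0.1
     *
     * @param string  $message    Default mail message.
     * @param string  $key        The activation key.
     * @param string  $user_login The username for the user.
     * @param HQ_User $user_data  HQ_User object.
     */
    $message = apply_filters('retrieve_password_message', $message, $key, $user_login, $user_data);
    // A filter can return an empty message to suppress the mail; that still counts as success.
    if ($message && !hq_mail($user_email, hq_specialchars_decode($title), $message)) {
        hq_die(__('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.'));
    }
    return true;
}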