private function callback_new_password()
{
global $wpdb;
$form = wpsc_get_password_reminder_form_args();
$validation = wpsc_validate_form($form);
do_action('lostpassword_post');
if (is_wp_error($validation)) {
wpsc_set_validation_errors($validation);
return;
}
extract($_POST, EXTR_SKIP);
$username = $_POST['username'];
$field = is_email($username) ? $field = 'email' : 'login';
$user_data = get_user_by($field, $username);
if (!$user_data) {
$this->message_collection->add(__('Invalid username or email.', 'wp-e-commerce'), 'error');
return;
}
$user_login = $user_data->user_login;
$user_email = $user_data->user_email;
do_action('retrieve_password', $user_login);
$allow = apply_filters('allow_password_reset', true, $user_data->ID);
if (!$allow) {
wpsc_set_validation_errors(new WP_Error('username', __('Password reset is not allowed for this user', 'wp-e-commerce')));
} else {
if (is_wp_error($allow)) {
wpsc_set_validation_errors($allow);
}
}
$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM {$wpdb->users} WHERE user_login = %s", $user_login));
if (empty($key)) {
// Generate something random for a key...
$key = wp_generate_password(20, false);
do_action('retrieve_password_key', $user_login, $key);
// Now insert the new md5 key into the db
$wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
}
$message = __('Someone requested that the password be reset for the following account:', 'wp-e-commerce') . "\r\n\r\n";
$message .= home_url('/') . "\r\n\r\n";
$message .= sprintf(__('Username: %s', 'wp-e-commerce'), $user_login) . "\r\n\r\n";
$message .= __('If this was a mistake, just ignore this email and nothing will happen.', 'wp-e-commerce') . "\r\n\r\n";
$message .= __('To reset your password, visit the following address:', 'wp-e-commerce') . "\r\n\r\n";
$message .= '<' . wpsc_get_password_reminder_url("reset/{$user_login}/{$key}") . ">\r\n";
if (is_multisite()) {
$blogname = $GLOBALS['current_site']->site_name;
} else {
$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
}
$title = sprintf(__('[%s] Password Reset', 'wp-e-commerce'), $blogname);
$title = apply_filters('wpsc_retrieve_password_title', $title);
$message = apply_filters('wpsc_retrieve_password_message', $message, $key);
if ($message && !wp_mail($user_email, $title, $message)) {
$this->message_collection->add(__("Sorry, but due to an unexpected technical issue, we couldn't send you the e-mail containing password reset directions. Most likely the web host we're using has disabled e-mail features. Please contact us and we'll help you fix this. Or you can simply try again later.", 'wp-e-commerce'), 'error');
// by "us", we mean the site owner.
}
$this->message_collection->add(__("We just sent you an e-mail containing directions to reset your password. If you don't receive it in a few minutes, check your Spam folder or simply try again.", 'wp-e-commerce'), 'success');
}
function wpsc_get_password_reminder_form()
{
$args = wpsc_get_password_reminder_form_args();
return apply_filters('wpsc_get_password_reminder_form', wpsc_get_form_output($args));
}
