Пример #1
/**
 * Update FluxBB password if user uses "lost password"
 */
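function Register_FluxBB_PasswReset()
{
    // Mirrors a completed "lost password" reset to the bridged FluxBB account:
    // validates the reset key, looks up the matching user row and hands the
    // new password hash to FluxBB_Updateuser().
    global $conf;

    // Every request value read below must be present; without this guard a
    // partial request raised notices and could push sha1(null) to FluxBB.
    if (!isset($_POST['submit'], $_POST['use_new_pwd'], $_GET['action'], $_GET['key'])) {
        return;
    }
    if ('reset' != $_GET['action']) {
        return;
    }

    // presumably returns the numeric user id for a valid key and a non-numeric
    // value otherwise — confirm against check_password_reset_key().
    $user_id = check_password_reset_key($_GET['key']);
    if (!is_numeric($user_id)) {
        // Invalid or expired key: never touch the FluxBB account.
        return;
    }

    // The id is cast to int before it is concatenated into the SQL text, so
    // the statement cannot be altered by whatever the key lookup returned.
    $query = '
SELECT ' . $conf['user_fields']['username'] . ' AS username, mail_address
FROM ' . USERS_TABLE . '
WHERE ' . $conf['user_fields']['id'] . ' = \'' . (int) $user_id . '\'
AND ' . $conf['user_fields']['username'] . ' NOT IN ("18","16")
;';
    $row = pwg_db_fetch_row(pwg_query($query));
    if (empty($row)) {
        // No matching (or an excluded) user: nothing to synchronise.
        return;
    }
    list($username, $mail_address) = $row;

    // NOTE(review): unsalted SHA-1 is not a suitable password hash. It is kept
    // here because FluxBB_Updateuser() presumably stores the value in FluxBB's
    // own format — confirm before changing the algorithm.
    FluxBB_Updateuser($user_id, stripslashes($username), sha1($_POST['use_new_pwd']), $mail_address);
}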
 /**
  * Return password reset handler form or redirect to password reset page when key is invalid.
  *
  * @param int $id
  *
  * @return null|string
  */
 public function get_password_reset_handler_structure($id)
 {
     // The key / login pair from the request must validate before any form is built.
     $user = check_password_reset_key($_REQUEST['key'], $_REQUEST['login']);
     $is_valid = $user && !is_wp_error($user);
     if (!$is_valid) {
         // An expired key gets its own error code; every other failure is reported as invalid.
         $is_expired = $user && $user->get_error_code() === 'expired_key';
         wp_redirect(pp_password_reset_url() . ($is_expired ? '?error=expiredkey' : '?error=invalidkey'));
         exit;
     }
     $handler_structure = PROFILEPRESS_sql::get_password_reset_handler_structure($id);
     // Carry key and login forward as hidden fields; esc_attr() keeps the
     // request values from breaking out of the attribute.
     $handler_structure .= '<input type="hidden" name="reset_key" value="' . esc_attr($_REQUEST['key']) . '">';
     $handler_structure .= '<input type="hidden" name="reset_login" value="' . esc_attr($_REQUEST['login']) . '">';
     return $handler_structure;
 }
 /**
  * Get the reset key and login from the cookie.
  *
  * @return  void
  * @access  protected
  * @since   1.4.0
  */
 protected function parse_reset_key()
 {
     // Start with nothing trusted; key and login are only populated once the
     // cookie contents have been validated.
     $this->key = null;
     $this->login = null;
     $cookie_name = 'wp-resetpass-' . COOKIEHASH;
     if (!isset($_COOKIE[$cookie_name])) {
         return;
     }
     $raw_cookie = $_COOKIE[$cookie_name];
     // strpos() gives false (no colon) or 0 (leading colon, i.e. empty login); both are rejected.
     if (!strpos($raw_cookie, ':')) {
         return;
     }
     // Cookie format is "login:key"; split on the first colon only.
     list($login, $key) = array_map('sanitize_text_field', explode(':', wp_unslash($raw_cookie), 2));
     $user = check_password_reset_key($key, $login);
     if (!is_wp_error($user)) {
         // Valid pair: expose it so the reset form can be rendered with it.
         $this->key = $key;
         $this->login = $login;
         return;
     }
     // Invalid pair: surface the error and let the user-management class handle the cookie.
     charitable_get_notices()->add_errors_from_wp_error($user);
     Charitable_User_Management::get_instance()->set_reset_cookie();
 }
Пример #4
<?php 
        login_footer('user_login');
        break;
    case 'resetpass':
    case 'rp':
        list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
        $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
        if (isset($_GET['key'])) {
            $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
            setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
            wp_safe_redirect(remove_query_arg(array('key', 'login')));
            exit;
        }
        if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
            list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
            $user = check_password_reset_key($rp_key, $rp_login);
            if (isset($_POST['pass1']) && !hash_equals($rp_key, $_POST['rp_key'])) {
                $user = false;
            }
        } else {
            $user = false;
        }
        if (!$user || is_wp_error($user)) {
            setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
            if ($user && $user->get_error_code() === 'expired_key') {
                wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
            } else {
                wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
            }
            exit;
        }
> <?php 
        // контэйнер с классами и id
        ?>
		<h1><?php 
        the_title();
        // заголовок
        ?>
</h1>
		<?php 
        the_content();
        // контент
        ?>
	</article>

	<?php 
        if (!isset($_GET['key']) || !isset($_GET['login']) || is_wp_error(check_password_reset_key($_GET['key'], $_GET['login']))) {
            // если параметры не передали или ф-я проверки вернула ошибку
            echo '<p>Ключ и (или) логин ни были переданы, либо не верны.</p>';
            //resetpass
        } else {
            // если все ок показываем форму
            ?>
		<form name="resetpassform" id="resetpassform" action="" method="post" class="userform">
			<input type="password" name="pass1" id="pass1" placeholder="Новый пароль">
			<input type="password" name="pass2" id="pass2" placeholder="Повторите новый пароль">
			
			<input type="hidden" name="key" value="<?php 
            echo esc_attr($_GET['key']);
            ?>
"><!-- переданные параметры сунем в скрытые поля -->
			<input type="hidden" name="login" value="<?php 
Пример #6
 /**
  * @ticket 32429
  * @ticket 24783
  */
 function test_plaintext_user_activation_key_is_rejected()
 {
     global $wpdb;
     // Write an unhashed key straight into the users table, the way keys were
     // stored before hashing was introduced in WordPress 3.7.
     $plaintext_key = wp_generate_password(20, false);
     $wpdb->update(
         $wpdb->users,
         array('user_activation_key' => $plaintext_key),
         array('ID' => $this->user->ID)
     );
     // Presenting the stored plaintext value itself must be rejected.
     $with_key = check_password_reset_key($plaintext_key, $this->user->user_login);
     $this->assertInstanceOf('WP_Error', $with_key);
     // An empty key must be rejected as well.
     $with_empty_key = check_password_reset_key('', $this->user->user_login);
     $this->assertInstanceOf('WP_Error', $with_empty_key);
 }
Пример #7
<?php

#   TemaTres : aplicación para la gestión de lenguajes documentales #       #
#                                                                        #
#   Copyright (C) 2004-2015 Diego Ferreyra tematres@r020.com.ar
#   Distribuido bajo Licencia GNU Public License, versión 2 (de junio de 1.991) Free Software Foundation
#
###############################################################################################################
#
include "config.tematres.php";
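$metadata = do_meta_tag();
// Password-reset link handler: runs only for ?action=rp with a non-empty key.
// isset() guards keep a plain page load (no query string) from raising
// undefined-index notices.
if (isset($_GET["action"], $_GET["key"]) && $_GET["action"] == 'rp' && $_GET["key"]) {
    $login = isset($_GET["login"]) ? $_GET["login"] : '';
    // NOTE(review): PHP has already URL-decoded $_GET, so urldecode() decodes the
    // login a second time ("%2B" becomes "+", "+" becomes a space). Kept as-is in
    // case the reset link is generated double-encoded — confirm and drop if not.
    $chek_key = check_password_reset_key($_GET["key"], urldecode($login));
    // Reset only when the key check returned a positive user id; isset() also
    // covers a failed check that does not return an array.
    if (isset($chek_key["user_id"]) && $chek_key["user_id"] > 0) {
        $task_result = reset_password($chek_key);
    }
}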
?>
<!DOCTYPE html>
<html lang="<?php 
echo LANG;
?>
">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
   <link href="<?php 
echo T3_WEBPATH;
?>
bootstrap/css/bootstrap.min.css" rel="stylesheet">
Пример #8
 /**
  * Validates the reset key / login pair from the query string and renders the
  * "choose a new password" page, or redirects to the lost-password screen
  * when the pair is rejected. Always terminates the request.
  */
 function process_getpassword()
 {
     // Declared so the included template below can see $errors; include_once
     // executes in this function's scope (whether the template uses it is not
     // visible here).
     global $errors;
     // NOTE(review): both values are read without isset(); a request missing
     // either parameter raises an undefined-index notice before the check runs.
     $user = check_password_reset_key($_GET['key'], $_GET['login']);
     if (is_wp_error($user)) {
         // Every failure, including an expired key, is reported as "invalidkey".
         wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
         exit;
     }
     get_header();
     //$this->pie_frontend_enqueu_scripts();
     // Path is a fixed literal, not request-derived.
     include_once "get_password.php";
     // presumably defined by get_password.php — confirm.
     $get_form = piereg_get_passwird();
     echo $get_form;
     get_footer();
     exit;
 }
 /**
  * Retrieves a user row based on password reset key and login.
  *
  * @uses $wpdb WordPress Database object
  *
  * @param string $key Hash to validate sending user's password
  * @param string $login The user login
  * @return WP_User|bool User's database row on success, false for invalid keys
  */
 public static function check_password_reset_key($key, $login)
 {
     // The unqualified call resolves to the global check_password_reset_key()
     // function, not to this static method, so there is no recursion.
     $user = check_password_reset_key($key, $login);
     if (!is_wp_error($user)) {
         return $user;
     }
     // Invalid or expired key: show the error as a notice and signal failure.
     wc_add_notice($user->get_error_message(), 'error');
     return false;
 }
    /**
     * Returns HTML partial that contains password-reset form.
     * Based on WordPress core code from wp-login.php
     *
     * @since  1.0.0
     *
     * @return string
     */
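    private function reset_form()
    {
        // Built once per request: the first call validates the reset key,
        // processes a submitted password and caches the resulting markup.
        static $Reset_Result = null;
        if (null === $Reset_Result) {
            // presumably make sure the listed keys exist in $_GET / $_POST — confirm against lib3.
            lib3()->array->equip_get('login', 'key');
            lib3()->array->equip_post('pass1', 'pass2');
            $rp_login = wp_unslash($_GET['login']);
            $rp_key = wp_unslash($_GET['key']);
            $err_msg = new WP_Error();
            $fatal_error = false;
            lib3()->array->strip_slashes($_POST, 'pass1', 'pass2');
            $pass1 = $_POST['pass1'];
            $pass2 = $_POST['pass2'];
            // Get the user object and validate the key.
            if ($rp_login && $rp_key) {
                $user = check_password_reset_key($rp_key, $rp_login);
            } else {
                $user = false;
            }
            if (!$user || is_wp_error($user)) {
                // If the user was not found then show an error message.
                if ($user && 'expired_key' == $user->get_error_code()) {
                    $fatal_error = true;
                    $err_msg->add('password_expired_key', __('Sorry, this reset-key is not valid anymore. Please request a new reset email and try again.', 'membership2'));
                } else {
                    $fatal_error = true;
                    $err_msg->add('password_invalid_key', __('Sorry, we did not find a valid reset-key. Please request a new reset email and try again.', 'membership2'));
                }
            } else {
                // If the user provided a new password, then check it now.
                // Strict comparison: with != two different numeric-looking
                // strings such as "1e3" and "1000" compare as equal.
                if ($pass1 && $pass1 !== $pass2) {
                    $pass1 = false;
                    $err_msg->add('password_reset_mismatch', __('The passwords do not match, try again.', 'membership2'));
                }
            }
            if ($fatal_error && count($err_msg->errors)) {
                $url = esc_url_raw(add_query_arg(array('show' => 'lostpass'), remove_query_arg(array('action', 'key', 'login'))));
                $Reset_Result = sprintf('[ms-note type="warning"]%s[/ms-note]<a href="%s">%s</a>', $err_msg->get_error_message(), $url, __('Request a new password-reset key', 'membership2'));
            } else {
                // This action is documented in wp-login.php
                // Hooks may add errors (e.g. a password policy) to $err_msg.
                do_action('validate_password_reset', $err_msg, $user);
                if ($pass1 && !count($err_msg->errors)) {
                    // Only reset when no hook objected; previously the result
                    // of the validation hook was ignored on this path.
                    reset_password($user, $_POST['pass1']);
                    // All done! Show success message and link to login form
                    $url = esc_url_raw(remove_query_arg(array('action', 'key', 'login')));
                    $Reset_Result = sprintf('[ms-note type="info"]%s[/ms-note]<a href="%s">%s</a>', __('Your Password has been reset.', 'membership2'), $url, __('Login with your new password', 'membership2'));
                } else {
                    wp_enqueue_script('utils');
                    wp_enqueue_script('user-profile');
                    // Capture the form markup so it can be returned as a string.
                    ob_start();
                    if (count($err_msg->errors)) {
                        printf('[ms-note type="warning"]%s[/ms-note]', implode('<br>', $err_msg->get_error_messages()));
                    }
                    ?>
				<form name="resetpassform" id="resetpassform"
					action="" method="post" autocomplete="off" class="ms-form">
					<input type="hidden" id="user_login"
						value="<?php 
                    echo esc_attr($rp_login);
                    ?>
" autocomplete="off"/>

					<p class="user-pass1-wrap">
						<label for="pass1"><?php 
                    _e('New password');
                    ?>
</label><br />
						<div class="wp-pwd">
							<span class="password-input-wrapper">
								<input type="password" data-reveal="1" data-pw="<?php 
                    echo esc_attr(wp_generate_password(16));
                    ?>
" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" aria-describedby="pass-strength-result" />
							</span>
							<div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php 
                    _e('Strength indicator');
                    ?>
</div>
						</div>
					</p>
					<p class="user-pass2-wrap">
						<label for="pass2"><?php 
                    _e('Confirm new password');
                    ?>
</label><br />
						<input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" />
					</p>

					<p class="description indicator-hint"><?php 
                    echo wp_get_password_hint();
                    ?>
</p>

					<br class="clear"/>

					<?php 
                    // This action is documented in wp-login.php
                    do_action('resetpass_form', $user);
                    ?>
					<p class="submit">
						<input type="hidden" name="rp_key" value="<?php 
                    echo esc_attr($rp_key);
                    ?>
" />

						<button type="submit" name="wp-submit" id="wp-submit"
						class="button button-primary button-large">
						<?php 
                    _e('Reset Password', 'membership2');
                    ?>
						</button>
					</p>
				</form>
				<?php 
                    $html = ob_get_clean();
                    $Reset_Result = apply_filters('ms_compact_code', $html);
                }
            }
            $Reset_Result = do_shortcode($Reset_Result);
        }
        return $Reset_Result;
    }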
Пример #11
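 function reales_reset_pass_form()
 {
     // AJAX-style handler: validates the posted reset key / login pair, sets
     // the new password and answers with a JSON object {reset, message}.
     //
     // The passwords are taken exactly as submitted. Running them through
     // wp_kses() strips anything tag-like and rewrites "&", so the stored
     // password silently differed from what the user typed. wp-login.php
     // likewise hands $_POST['pass1'] to reset_password() unfiltered.
     $pass_1 = isset($_POST['pass_1']) && is_string($_POST['pass_1']) ? $_POST['pass_1'] : '';
     $pass_2 = isset($_POST['pass_2']) && is_string($_POST['pass_2']) ? $_POST['pass_2'] : '';
     // Key and login are only compared by check_password_reset_key(), never
     // echoed, so they are unslashed rather than HTML-filtered.
     $key = isset($_POST['key']) && is_string($_POST['key']) ? wp_unslash($_POST['key']) : '';
     $login = isset($_POST['login']) && is_string($_POST['login']) ? wp_unslash($_POST['login']) : '';
     if ($pass_1 === '' || $pass_2 === '') {
         echo json_encode(array('reset' => false, 'message' => __('Password field empty!', 'reales')));
         exit;
     }
     $user = check_password_reset_key($key, $login);
     if (is_wp_error($user)) {
         // Expired and invalid keys get the same answer, so the response does
         // not reveal which of the two applied.
         echo json_encode(array('reset' => false, 'message' => __('Sorry, the link does not appear to be valid or is expired!', 'reales')));
         exit;
     }
     // Strict comparison: with != two different numeric-looking strings such
     // as "1e3" and "1000" compare as equal.
     if ($pass_1 !== $pass_2) {
         echo json_encode(array('reset' => false, 'message' => __('The passwords do not match!', 'reales')));
         exit;
     }
     reset_password($user, $pass_1);
     echo json_encode(array('reset' => true, 'message' => __('Your password has been reset.', 'reales')));
     die;
 }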
 /**
  * Processes the request
  *
  * Callback for "template_redirect" hook in template-loader.php
  *
  * @since 6.3
  * @access public
  */
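 public function template_redirect()
 {
     // Front controller for the login-related actions. The action name comes
     // from the request (normalised with sanitize_key()) or from the current
     // page, and is then dispatched to plugin hooks or the switch below.
     $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
     if (!$this->request_action && self::is_tml_page()) {
         $this->request_action = self::get_page_action(get_the_id());
     }
     $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;
     do_action_ref_array('tml_request', array(&$this));
     // allow plugins to override the default actions, and to add extra actions if they want
     do_action('login_form_' . $this->request_action);
     if (has_action('tml_request_' . $this->request_action)) {
         do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
     } else {
         $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
         switch ($this->request_action) {
             case 'postpass':
                 if (!array_key_exists('post_password', $_POST)) {
                     wp_safe_redirect(wp_get_referer());
                     exit;
                 }
                 require_once ABSPATH . 'wp-includes/class-phpass.php';
                 $hasher = new PasswordHash(8, true);
                 $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
                 // $referer was read without ever being assigned, so the
                 // post-password cookie never received the Secure flag.
                 $referer = wp_get_referer();
                 if ($referer) {
                     $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                 } else {
                     $secure = false;
                 }
                 setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
                 wp_safe_redirect(wp_get_referer());
                 exit;
                 break;
             case 'logout':
                 // Nonce check: a logout cannot be triggered by a bare cross-site link.
                 check_admin_referer('log-out');
                 $user = wp_get_current_user();
                 wp_logout();
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                 } else {
                     $redirect_to = site_url('wp-login.php?loggedout=true');
                     $requested_redirect_to = '';
                 }
                 $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                 // Request-supplied target, hence wp_safe_redirect() rather than wp_redirect().
                 wp_safe_redirect($redirect_to);
                 exit;
                 break;
             case 'lostpassword':
             case 'retrievepassword':
                 if ($http_post) {
                     $this->errors = self::retrieve_password();
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 if (isset($_REQUEST['error'])) {
                     if ('invalidkey' == $_REQUEST['error']) {
                         $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                     } elseif ('expiredkey' == $_REQUEST['error']) {
                         $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                     }
                 }
                 do_action('lost_password');
                 break;
             case 'resetpass':
             case 'rp':
                 // Dirty hack for now
                 global $rp_login, $rp_key;
                 list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                 $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
                 // First hit from the e-mailed link: move login and key out of
                 // the URL into a path-scoped, HttpOnly session cookie and
                 // redirect to the same page without them.
                 if (isset($_GET['key'])) {
                     $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
                     setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     wp_safe_redirect(remove_query_arg(array('key', 'login')));
                     exit;
                 }
                 if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                     list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                     $user = check_password_reset_key($rp_key, $rp_login);
                     // On submit the posted key must equal the cookie key;
                     // hash_equals() compares in constant time.
                     if (isset($_POST['pass1']) && !hash_equals($rp_key, $_POST['rp_key'])) {
                         $user = false;
                     }
                 } else {
                     $user = false;
                 }
                 if (!$user || is_wp_error($user)) {
                     // Expire the reset cookie before sending the user back.
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     if ($user && $user->get_error_code() === 'expired_key') {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                     } else {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                     }
                     exit;
                 }
                 // Strict comparison: with != two different numeric-looking
                 // strings such as "1e3" and "1000" compare as equal.
                 if (isset($_POST['pass1']) && $_POST['pass1'] !== $_POST['pass2']) {
                     $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                 }
                 do_action('validate_password_reset', $this->errors, $user);
                 // The password is changed only when neither the mismatch check
                 // nor a validate_password_reset hook recorded an error.
                 if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                     reset_password($user, $_POST['pass1']);
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     $redirect_to = site_url('wp-login.php?resetpass=complete');
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
                 wp_enqueue_script('utils');
                 wp_enqueue_script('user-profile');
                 break;
             case 'register':
                 if (!get_option('users_can_register')) {
                     $redirect_to = site_url('wp-login.php?registration=disabled');
                     wp_redirect($redirect_to);
                     exit;
                 }
                 $user_login = '';
                 $user_email = '';
                 if ($http_post) {
                     if ('email' == $this->get_option('login_type')) {
                         $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     } else {
                         $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                     }
                     $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     $this->errors = register_new_user($user_login, $user_email);
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 break;
             case 'login':
             default:
                 $secure_cookie = '';
                 $interim_login = isset($_REQUEST['interim-login']);
                 // If the user wants ssl but the session is not ssl, force a secure cookie.
                 if (!empty($_POST['log']) && !force_ssl_admin()) {
                     $user_name = sanitize_user($_POST['log']);
                     if ($user = get_user_by('login', $user_name)) {
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                     }
                 }
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $_REQUEST['redirect_to'];
                     // Redirect to https if user wants ssl
                     if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                     }
                 } else {
                     $redirect_to = admin_url();
                 }
                 $reauth = empty($_REQUEST['reauth']) ? false : true;
                 if ($http_post && isset($_POST['log'])) {
                     $user = wp_signon('', $secure_cookie);
                     $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                     if (!is_wp_error($user) && !$reauth) {
                         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                 $redirect_to = user_admin_url();
                             } elseif (is_multisite() && !$user->has_cap('read')) {
                                 $redirect_to = get_dashboard_url($user->ID);
                             } elseif (!$user->has_cap('edit_posts')) {
                                 $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                             }
                         }
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                     $this->errors = $user;
                 }
                 // Clear errors if loggedout is set.
                 if (!empty($_GET['loggedout']) || $reauth) {
                     $this->errors = new WP_Error();
                 }
                 // Some parts of this script use the main login form to display a message
                 if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                     $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                     $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                 } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                     $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                     $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                     $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                 } elseif ($interim_login) {
                     $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                 } elseif (strpos($redirect_to, 'about.php?updated')) {
                     $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                 } elseif ($reauth) {
                     $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                 }
                 // Clear any stale cookies.
                 if ($reauth) {
                     wp_clear_auth_cookie();
                 }
                 break;
         }
         // end switch
     }
     // endif has_filter()
 }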
    /**
     * Returns HTML partial that contains password-reset form.
     * Based on WordPress core code from wp-login.php
     *
     * @since  1.0.0
     *
     * @return string
     */
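    private function reset_form()
    {
        // Validates the reset key / login from the query string, applies a
        // submitted new password, and otherwise returns the reset form markup.
        // Output is buffered so the form can be returned as a string; every
        // early return below closes the buffer it opened.
        ob_start();
        // presumably makes sure the listed keys exist in $_GET — confirm against lib2.
        lib2()->array->equip_get('login', 'key');
        $rp_login = wp_unslash($_GET['login']);
        $rp_key = wp_unslash($_GET['key']);
        $err_msg = new WP_Error();
        // Get the user object and validate the key.
        if ($rp_login && $rp_key) {
            $user = check_password_reset_key($rp_key, $rp_login);
        } else {
            $user = false;
        }
        lib2()->array->strip_slashes($_POST, 'pass1', 'pass2');
        // If the user was not found then redirect to an error page.
        if (!$user || is_wp_error($user)) {
            if ($user && 'expired_key' == $user->get_error_code()) {
                $err_msg->add('password_expired_key', __('The password-reset key is already expired.', MS_TEXT_DOMAIN));
            } else {
                $err_msg->add('password_invalid_key', __('The password-reset key is invalid or missing.', MS_TEXT_DOMAIN));
            }
            $url = esc_url_raw(remove_query_arg(array('action', 'key', 'login')));
            // Previously returned with the output buffer still open.
            ob_end_clean();
            // A WP_Error object cannot be formatted with %s; print its message.
            return sprintf('<p>%s</p><p><a href="%s">%s</a>', $err_msg->get_error_message(), $url, __('Request a new password-reset key', MS_TEXT_DOMAIN));
        } else {
            // If the user provided a new password, then check it now.
            // Strict comparison: with != two different numeric-looking strings
            // such as "1e3" and "1000" compare as equal.
            if (isset($_POST['pass1']) && $_POST['pass1'] !== $_POST['pass2']) {
                $err_msg->add('password_reset_mismatch', __('The passwords do not match.', MS_TEXT_DOMAIN));
            }
        }
        // This action is documented in wp-login.php
        do_action('validate_password_reset', $err_msg, $user);
        // The password is changed only when neither the mismatch check nor a
        // validate_password_reset hook recorded an error.
        if (!count($err_msg->errors) && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
            reset_password($user, $_POST['pass1']);
            // All done!
            ob_end_clean();
            return __('Your Password has been reset.', MS_TEXT_DOMAIN);
        }
        wp_enqueue_script('utils');
        wp_enqueue_script('user-profile');
        if (count($err_msg->errors)) {
            echo '<p class="error">' . implode('<br/>', $err_msg->get_error_messages()) . '</p>';
        }
        ?>
		<form name="resetpassform" id="resetpassform" action="" method="post" autocomplete="off">
			<input type="hidden" id="user_login" value="<?php 
        echo esc_attr($rp_login);
        ?>
" autocomplete="off"/>

			<p>
				<label for="pass1"><?php 
        _e('New password', MS_TEXT_DOMAIN);
        ?>
<br/>
					<input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off"/></label>
			</p>

			<p>
				<label for="pass2"><?php 
        _e('Confirm new password', MS_TEXT_DOMAIN);
        ?>
<br/>
					<input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off"/></label>
			</p>

			<div id="pass-strength-result"
				class="hide-if-no-js"><?php 
        _e('Strength indicator', MS_TEXT_DOMAIN);
        ?>
</div>
			<p class="description indicator-hint"><?php 
        _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ &amp; ).', MS_TEXT_DOMAIN);
        ?>
</p>

			<br class="clear"/>

			<?php 
        // This action is documented in wp-login.php
        do_action('resetpass_form', $user);
        ?>
			<p class="submit"><input type="submit" name="wp-submit" id="wp-submit"
				class="button button-primary button-large"
				value="<?php 
        esc_attr_e('Reset Password');
        ?>
"/></p>
		</form>
		<?php 
        $html = ob_get_clean();
        $html = apply_filters('ms_compact_code', $html);
        return $html;
    }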
Пример #14
/**
 * checks the passwords, checks that user is allowed to reset his password,
 * update password, fills $page['errors'] and $page['infos'].
 *
 * @return bool (true if password was reset, false otherwise)
 */
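function reset_password()
{
    global $page, $conf;
    // Both fields must be present and identical. Strict comparison is used
    // because with != two different numeric-looking strings such as "1e3" and
    // "1000" compare as equal; the isset() guard stops a request without the
    // fields from "matching" as null == null and hashing an empty value.
    if (!isset($_POST['use_new_pwd'], $_POST['passwordConf'])
        || $_POST['use_new_pwd'] !== $_POST['passwordConf']) {
        $page['errors'][] = l10n('The passwords do not match');
        return false;
    }
    if (!isset($_GET['key'])) {
        $page['errors'][] = l10n('Invalid key');
        // Previously execution continued and read the missing $_GET['key'].
        return false;
    }
    // A non-numeric result means the key was rejected, so no user id is available.
    $user_id = check_password_reset_key($_GET['key']);
    if (!is_numeric($user_id)) {
        return false;
    }
    // Store the new password using the hash callable configured in $conf.
    single_update(USERS_TABLE, array($conf['user_fields']['password'] => $conf['password_hash']($_POST['use_new_pwd'])), array($conf['user_fields']['id'] => $user_id));
    // Clear the key and its expiry so the same reset link cannot be used again.
    single_update(USER_INFOS_TABLE, array('activation_key' => null, 'activation_key_expire' => null), array('user_id' => $user_id));
    $page['infos'][] = l10n('Your password has been reset');
    $page['infos'][] = '<a href="' . get_root_url() . 'identification.php">' . l10n('Login') . '</a>';
    return true;
}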
/**
 * Resolve the user behind an in-progress password reset from the reset cookie.
 *
 * The cookie is expected to hold "login:key"; the pair is only trusted after
 * check_password_reset_key() accepts it.
 *
 * @param       string $rp_cookie Password reset cookie name
 * @since       2.3
 * @return      WP_User|false User object if reset key and login name exist and are valid, false if not
 */
function rcp_get_user_resetting_password( $rp_cookie ) {

	$user = false;

	// A usable cookie has a non-empty login in front of the first colon.
	$has_pair = isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' );

	if ( $has_pair ) {
		$pair = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
		$user = check_password_reset_key( $pair[1], $pair[0] );
	}

	// Callers only ever see a user or false, never the WP_Error itself.
	return is_wp_error( $user ) ? false : $user;
}
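 /**
  * Resets the user's password if the password reset form was submitted.
  *
  * Only acts on POST requests. The key/login pair from the request is checked
  * with check_password_reset_key() before anything else; every outcome ends
  * in a redirect (or a short error message) followed by exit.
  *
  * NOTE(review): on a validation error the reset key is sent back in the
  * redirect URL, so it can end up in browser history and server logs.
  *
  * @return void
  */
 public function sas_do_password_reset()
 {
     if (!isset($_SERVER['REQUEST_METHOD']) || 'POST' !== $_SERVER['REQUEST_METHOD']) {
         return;
     }
     // Missing or array-valued parameters are treated as an empty (invalid) key/login.
     $rp_key = isset($_REQUEST['rp_key']) && is_string($_REQUEST['rp_key']) ? $_REQUEST['rp_key'] : '';
     $rp_login = isset($_REQUEST['rp_login']) && is_string($_REQUEST['rp_login']) ? $_REQUEST['rp_login'] : '';
     $user = check_password_reset_key($rp_key, $rp_login);
     if (!$user || is_wp_error($user)) {
         $reason = ($user && $user->get_error_code() === 'expired_key') ? 'expiredkey' : 'invalidkey';
         wp_redirect(home_url('sas-login?login=' . $reason));
         exit;
     }
     if (!isset($_POST['pass1'])) {
         echo "Invalid request.";
         exit;
     }
     $pass1 = is_string($_POST['pass1']) ? $_POST['pass1'] : '';
     $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';
     $error_code = '';
     if ($pass1 !== $pass2) {
         // Strict comparison: != treats numeric-looking strings such as "1e3" and "1000" as equal.
         $error_code = 'password_reset_mismatch';
     } elseif (empty($pass1)) {
         $error_code = 'password_reset_empty';
     }
     if ('' !== $error_code) {
         // add_query_arg() does not encode values, so encode them before they go into the URL.
         $redirect_url = add_query_arg(
             array(
                 'key' => rawurlencode($rp_key),
                 'login' => rawurlencode($rp_login),
                 'error' => $error_code,
             ),
             home_url('sas-password-reset')
         );
         wp_redirect($redirect_url);
         exit;
     }
     // Parameter checks OK, reset password
     reset_password($user, $pass1);
     wp_redirect(home_url('sas-login?password=changed'));
     exit;
 }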
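/**
 * Render the front-end login, lost-password or reset-password screen.
 *
 * The screen is selected by $_GET['action'] ('login' when absent or not a
 * string). Markup is echoed directly; the logout branch and a completed or
 * rejected reset end in a redirect or exit instead of returning.
 *
 * Request values are untrusted: anything taken from the request is escaped
 * before it is written into the page, and the reset key/login pair is only
 * acted on after check_password_reset_key() accepts it.
 *
 * @return void
 */
function simplr_login_switch()
{
    global $errors;
    $options = get_option('simplr_reg_options');
    if (!isset($_GET['action'])) {
        $_GET['action'] = 'login';
    }
    // An array-valued ?action[]= cannot name a screen; fall back to the login form.
    $action = is_string($_GET['action']) ? $_GET['action'] : 'login';
    switch ($action) {
        case 'logout':
            // The nonce check keeps a third-party page from logging the user out.
            check_admin_referer('log-out');
            wp_logout();
            $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
            // The target comes from the request; wp_safe_redirect() only follows allowed hosts.
            wp_safe_redirect($redirect_to);
            exit;
        case 'lostpassword':
        case 'retrievepassword':
            ?>

		<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url(get_permalink($options->login_redirect)); ?>?action=lostpassword" method="post">
		<p>
			<label><?php _e('Username or E-mail:', 'simplr-registration-form'); ?><br />
			<input type="text" name="user_login" id="user_login" class="input" value="" size="20" tabindex="10" /></label>
		</p>
		<?php do_action('lostpassword_form'); ?>
		<input type="hidden" name="redirect_to" value="<?php echo isset($redirect_to) ? esc_attr($redirect_to) : ''; ?>" />
		<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password', 'simplr-registration-form'); ?>" tabindex="100" /></p>
		</form>

		<p id="nav">
		<a href="<?php echo site_url('wp-login.php', 'login'); ?>"><?php _e('Log in', 'simplr-registration-form'); ?></a>
		<?php if (get_option('users_can_register')) { ?>
			| <a href="<?php echo site_url('wp-login.php?action=register', 'login'); ?>"><?php _e('Register', 'simplr-registration-form'); ?></a>
		<?php } ?>
		</p>

		<?php
            login_footer('user_login');
            break;
        case 'resetpass':
        case 'rp':
            // Missing or array-valued parameters count as an empty, and therefore invalid, key/login.
            $reset_key = isset($_GET['key']) && is_string($_GET['key']) ? $_GET['key'] : '';
            $reset_login = isset($_GET['login']) && is_string($_GET['login']) ? $_GET['login'] : '';
            $user = check_password_reset_key($reset_key, $reset_login);
            if (is_wp_error($user)) {
                wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                exit;
            }
            $errors = '';
            $pass1 = isset($_POST['pass1']) && is_string($_POST['pass1']) ? $_POST['pass1'] : null;
            $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';
            // Strict comparison: != treats numeric-looking strings such as "1e3" and "1000" as equal.
            if (null !== $pass1 && $pass1 !== $pass2) {
                $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.', 'simplr-registration-form'));
            } elseif (null !== $pass1 && !empty($pass1)) {
                reset_password($user, $pass1);
                login_header(__('Password Reset', 'simplr-registration-form'), '<p class="message reset-pass">' . __('Your password has been reset.', 'simplr-registration-form') . ' <a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in', 'simplr-registration-form') . '</a></p>');
                login_footer();
                exit;
            }
            wp_enqueue_script('utils');
            wp_enqueue_script('user-profile');
            login_header(__('Reset Password', 'simplr-registration-form'), '<p class="message reset-pass">' . __('Enter your new password below.', 'simplr-registration-form') . '</p>', $errors);
            // The listing this was taken from has the login part of the URL masked out;
            // it is rebuilt here to mirror the key parameter.
            $reset_action = get_permalink($options->login_redirect) . '?action=resetpass&key=' . urlencode($reset_key) . '&login=' . urlencode($reset_login);
            ?>
		<form name="resetpassform" id="resetpassform" action="<?php echo esc_url($reset_action); ?>" method="post">
		<input type="hidden" id="user_login" value="<?php echo esc_attr($reset_login); ?>" autocomplete="off" />

		<p>
			<label><?php _e('New password', 'simplr-registration-form'); ?><br />
			<input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label>
		</p>
		<p>
			<label><?php _e('Confirm new password', 'simplr-registration-form'); ?><br />
			<input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label>
		</p>

		<div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator', 'simplr-registration-form'); ?></div>
		<p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).', 'simplr-registration-form'); ?></p>

		<br class="clear" />
		<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Reset Password', 'simplr-registration-form'); ?>" tabindex="100" /></p>
		</form>

		<p id="nav">
		<a href="<?php echo site_url('wp-login.php', 'login'); ?>"><?php _e('Log in', 'simplr-registration-form'); ?></a>
		<?php if (get_option('users_can_register')) { ?>
			| <a href="<?php echo site_url('wp-login.php?action=register', 'login'); ?>"><?php _e('Register', 'simplr-registration-form'); ?></a>
		<?php } ?>
		</p>

		<?php
            login_footer('user_pass');
            break;
        case 'login':
        default:
            $redirect_to = !isset($redirect_to) ? apply_filters('simplr_login_redirect', home_url(), $action) : $redirect_to;
            // $errors is a global that may not hold a WP_Error on this request.
            $error_code = is_wp_error($errors) ? $errors->get_error_code() : '';
            if (isset($_POST['log']) && is_string($_POST['log'])) {
                // The first code is masked as '******' in the listing this was taken from;
                // 'incorrect_password' is the WordPress error code that pairs with 'empty_password'.
                $keep_login = 'incorrect_password' == $error_code || 'empty_password' == $error_code;
                $user_login = $keep_login ? esc_attr(stripslashes($_POST['log'])) : '';
            }
            $rememberme = !empty($_POST['rememberme']);
            ?>

		<form name="loginform" id="loginform" action="<?php echo esc_url(get_permalink($options->login_redirect)); ?>?action=<?php
            // This branch also serves every unrecognised action value, so the value is attacker-chosen.
            echo esc_attr(urlencode($action));
            ?>" method="post">
		<p>
			<label><?php _e('Username', 'simplr-registration-form'); ?><br />
			<input type="text" name="log" id="user_login" class="input" value="<?php echo isset($user_login) ? esc_attr($user_login) : ''; ?>" size="20" tabindex="10" /></label>
		</p>
		<p>
			<label><?php _e('Password', 'simplr-registration-form'); ?><br />
			<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
		</p>
		<?php do_action('login_form'); ?>
		<p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90"<?php checked($rememberme); ?> /> <?php esc_attr_e('Remember Me', 'simplr-registration-form'); ?></label></p>
		<p class="submit">
			<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In', 'simplr-registration-form'); ?>" tabindex="100" />
		<?php if (isset($interim_login)) { ?>
			<input type="hidden" name="interim-login" value="1" />
		<?php } else { ?>
			<input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
		<?php } ?>
			<input type="hidden" name="testcookie" value="1" />
		</p>
		</form>

		<?php if (!isset($interim_login)) { ?>
			<p id="nav">
			<?php if (isset($_GET['checkemail']) && in_array($_GET['checkemail'], array('confirm', 'newpass'), true)) { ?>
			<?php } elseif (get_option('users_can_register')) { ?>
				<a href="<?php echo site_url('wp-login.php?action=register', 'login'); ?>"><?php _e('Register', 'simplr-registration-form'); ?></a> |
				<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login'); ?>" title="<?php esc_attr_e('Password Lost and Found', 'simplr-registration-form'); ?>"><?php _e('Lost your password?', 'simplr-registration-form'); ?></a>
			<?php } else { ?>
				<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login'); ?>" title="<?php esc_attr_e('Password Lost and Found', 'simplr-registration-form'); ?>"><?php _e('Lost your password?', 'simplr-registration-form'); ?></a>
			<?php } ?>
			</p>
		<?php } ?>

		<script type="text/javascript">
		function wp_attempt_focus(){
			setTimeout( function(){ try{
				<?php if (isset($user_login) || isset($interim_login)) { ?>
					d = document.getElementById('user_pass');
					d.value = '';
				<?php } else { ?>
					d = document.getElementById('user_login');
					<?php if ('invalid_username' == $error_code) { ?>
						if( d.value != '' )
							d.value = '';
						<?php
                }
            }
            ?>
				d.focus();
				d.select();
			} catch(e){}
			}, 200);
		}

		<?php
            // $error is never assigned in this function, so the focus call is always
            // emitted; empty() keeps that without an undefined-variable notice.
            if (empty($error)) {
                ?>
			wp_attempt_focus();
		<?php
            }
            ?>
		if(typeof wpOnload=='function') wpOnload();
		</script>

		<?php
            login_footer();
            break;
    }
    // end action switch
}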
Пример #18
            ?>
"><?php 
            _e('Register');
            ?>
</a>
<?php 
        }
        ?>
</p>

<?php 
        login_footer('user_login');
        break;
    case 'resetpass':
    case 'rp':
        $user = check_password_reset_key($_GET['key'], $_GET['login']);
        if (is_wp_error($user)) {
            wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
            exit;
        }
        $errors = new WP_Error();
        if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
            $errors->add('password_reset_mismatch', __('The passwords do not match.'));
        }
        do_action('validate_password_reset', $errors, $user);
        if (!$errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
            reset_password($user, $_POST['pass1']);
            login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in') . '</a></p>');
            login_footer();
            exit;
        }
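/**
 * Move a password-reset key from the URL into a cookie, then resolve the
 * cookie to the user who is resetting their password.
 *
 * The result (a user, a WP_Error or false) is stored in the global
 * $gf_reset_user for later use.
 *
 * @return void
 */
function wp_doin_verify_user_key()
{
    global $gf_reset_user;
    // analyze wp-login.php for a better understanding of these values
    list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
    $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
    // Store the key in an HttpOnly cookie and redirect to the same page without
    // it, so the key no longer sits in the address bar, history or Referer header.
    if (isset($_GET['key'], $_GET['method']) && 'gf' === $_GET['method']) {
        // Missing or array-valued parameters become empty strings, which fail validation below.
        $login = isset($_GET['login']) && is_string($_GET['login']) ? $_GET['login'] : '';
        $key = is_string($_GET['key']) ? $_GET['key'] : '';
        $value = sprintf('%s:%s', wp_unslash($login), wp_unslash($key));
        setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
        wp_safe_redirect(remove_query_arg(array('key', 'login', 'method')));
        exit;
    }
    // The cookie holds "login:key"; it is only trusted once check_password_reset_key() accepts the pair.
    $user = false;
    if (isset($_COOKIE[$rp_cookie]) && is_string($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
        list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
        $user = check_password_reset_key($rp_key, $rp_login);
        if (isset($_POST['pass1'])) {
            // The submitted form must carry the same key as the cookie. hash_equals()
            // needs two strings, so a missing or array-valued rp_key is rejected first.
            $posted_key = isset($_POST['rp_key']) && is_string($_POST['rp_key']) ? $_POST['rp_key'] : null;
            if (null === $posted_key || !hash_equals($rp_key, $posted_key)) {
                $user = false;
            }
        }
    }
    // On any failure expire the cookie so a stale or forged value is not presented again.
    if (!$user || is_wp_error($user)) {
        setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
    }
    // make sure our user is available for later reference
    $gf_reset_user = $user;
}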
Пример #20
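/**
 * Build the login form, or the "new password" form while a reset link is being
 * used, and return it as an HTML string.
 *
 * Also handles, from the query string: payment result notices, account
 * activation (?action=activate) and the password reset itself
 * (?action=rp / ?action=resetpass).
 *
 * Request values are untrusted. They are escaped before being placed in the
 * markup, and a new password is only stored when check_password_reset_key()
 * has accepted the key/login pair.
 *
 * @param bool $piereg_widget true when rendered inside the widget; selects which captcha flag is used
 *
 * @return string the form markup
 */
function pieOutputLoginForm($piereg_widget = false)
{
    global $wp_session, $errors;
    $users_can_register = get_option("users_can_register");
    $option = get_option("pie_register_2");
    $form_data = "";
    $form_data .= '<div class="piereg_container">
<div class="piereg_login_container">
<div class="piereg_login_wrapper">';
    $newpasspageLock = 0;
    // Missing or array-valued parameters are reduced to '' so they can never match anything.
    $action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';
    $reset_key = isset($_GET['key']) && is_string($_GET['key']) ? $_GET['key'] : '';
    $reset_login = isset($_GET['login']) && is_string($_GET['login']) ? $_GET['login'] : '';
    $error_prefix = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ';
    $warning_prefix = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ';
    $success_prefix = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ';
    if (isset($_GET['payment']) && $_GET['payment'] == "success") {
        $fields = maybe_unserialize(get_option("pie_fields"));
        $login_success = apply_filters("piereg_success_message", __($fields['submit']['message'], "piereg"));
        unset($fields);
    } elseif (isset($_GET['payment']) && $_GET['payment'] == "cancel") {
        $login_error = apply_filters("piereg_cancled_message", __("You canceled your payment.", "piereg"));
    }
    if (isset($errors->errors['login-error'][0])) {
        $login_error = apply_filters("piereg_login_error", __($errors->errors['login-error'][0], "piereg"));
    } elseif ('loggedout' === $action) {
        $login_warning = $warning_prefix . apply_filters("piereg_now_logout", __("You are now logged out.", "piereg"));
    } elseif ('recovered' === $action) {
        $login_success = $success_prefix . apply_filters("piereg_check_yor_emailconfrm_link", __("Check your e-mail for the confirmation link.", "piereg"));
    } elseif ('payment_cancel' === $action) {
        $login_warning = $warning_prefix . apply_filters("piereg_canelled_your_registration", __("You have canelled your registration.", "piereg"));
    } elseif ('payment_success' === $action) {
        $login_success = $success_prefix . apply_filters("piereg_thank_you_for_registration", __("Thank you for your registration. You will receieve your login credentials soon.", "piereg"));
    } elseif ('activate' === $action) {
        $activation_key = isset($_GET['activation_key']) && is_string($_GET['activation_key']) ? $_GET['activation_key'] : '';
        $requested_login = isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '';
        // Activation stores '' as the hash of an activated account, so an empty key
        // must never be looked up: it could otherwise select such an account.
        $unverified = '' !== $activation_key ? get_users(array('meta_key' => 'hash', 'meta_value' => $activation_key)) : array();
        if (count($unverified) == 1) {
            $user_id = $unverified[0]->ID;
            $user_login = $unverified[0]->user_login;
            $user_email = $unverified[0]->user_email;
            // The key must belong to the login named in the link.
            if ($user_login === $requested_login) {
                update_user_meta($user_id, 'active', 1);
                // Clearing the hash makes the activation link single-use.
                update_user_meta($user_id, 'hash', "");
                // Thank-you e-mail
                $form = new Registration_form();
                $subject = html_entity_decode($option['user_subject_email_email_thankyou'], ENT_COMPAT, "UTF-8");
                if ($option['user_formate_email_email_thankyou'] == "0") {
                    $message_temp = nl2br(strip_tags($option['user_message_email_email_thankyou']));
                } else {
                    $message_temp = $option['user_message_email_email_thankyou'];
                }
                $message = $form->filterEmail($message_temp, $user_email);
                $from_name = $option['user_from_name_email_thankyou'];
                $from_email = $option['user_from_email_email_thankyou'];
                $reply_email = $option['user_to_email_email_thankyou'];
                $headers = 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
                if (!empty($from_email) && filter_var($from_email, FILTER_VALIDATE_EMAIL)) {
                    $headers .= "From: " . $from_name . " <" . $from_email . "> \r\n";
                }
                if ($reply_email) {
                    $headers .= "Reply-To: {$reply_email}\r\n";
                    // NOTE(review): Return-Path is given the sender name here, not an address; confirm intent.
                    $headers .= "Return-Path: {$from_name}\r\n";
                } else {
                    $headers .= "Reply-To: {$from_email}\r\n";
                    $headers .= "Return-Path: {$from_email}\r\n";
                }
                wp_mail($user_email, $subject, $message, $headers);
                $login_success = $success_prefix . apply_filters("piereg_your_account_is_now_active", __("Your account is now active", "piereg"));
            } else {
                $login_error = $error_prefix . apply_filters("piereg_invalid_activation_key", __("Invalid activation key", "piereg"));
            }
        } else {
            // get_user_by() prepares its own query, so the login is passed as received.
            $user = get_user_by('login', $requested_login);
            if ($user) {
                $user_meta = get_user_meta($user->ID, 'active');
                if (isset($user_meta[0]) && $user_meta[0] == 1) {
                    $login_warning = $warning_prefix . apply_filters("piereg_canelled_your_registration", __("You are already activate", "piereg"));
                    unset($user_meta);
                    unset($user);
                } else {
                    $login_error = $error_prefix . apply_filters("piereg_invalid_activation_key", __("Invalid activation key", "piereg"));
                }
            } else {
                $login_error = $error_prefix . apply_filters("piereg_invalid_activation_key", __("You are block", "piereg"));
            }
        }
    } elseif ('resetpass' === $action || 'rp' === $action) {
        $user = check_password_reset_key($reset_key, $reset_login);
        $key_is_valid = $user && !is_wp_error($user);
        $lost_link = ' <a href="' . pie_lostpassword_url() . '" title="' . __("Password Lost and Found", "piereg") . '">' . __("Lost your password?", "piereg") . '</a>';
        if (!$key_is_valid) {
            if (is_wp_error($user) && $user->get_error_code() === 'expired_key') {
                $login_error = $error_prefix . apply_filters("piereg_you_key_has_been_expired", __("You key has been expired, please reset password again!", "piereg") . $lost_link);
            } else {
                $login_error = $error_prefix . apply_filters("piereg_this_reset_key_invalid_or_no_longer_exists", __("This Reset key is invalid or no longer exists. Please reset password again!", "piereg") . $lost_link);
            }
            $newpasspageLock = 1;
        } else {
            $login_warning = $warning_prefix . __('Enter your new password below.', "piereg");
        }
        // A submitted password is only processed for a valid key. Previously a POST
        // with a rejected key still reached reset_password() with the WP_Error as
        // the user and reported success.
        if ($key_is_valid && isset($_POST['pass1'])) {
            $pass1 = is_string($_POST['pass1']) ? $_POST['pass1'] : '';
            $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';
            $errors = new WP_Error();
            if (trim($pass1) == "") {
                $login_error = $error_prefix . apply_filters("piereg_invalid_password", __('Invalid Password', "piereg"));
                $errors->add('password_reset_mismatch', $login_error);
            } elseif (strlen($pass1) < 7) {
                // NOTE(review): the check accepts 7 characters while the message asks for 8; confirm which is intended.
                $login_error = $error_prefix . apply_filters("piereg_minimum_8_characters_required_in_password", __('Minimum 8 characters required in password', "piereg"));
                $errors->add('password_reset_mismatch', $login_error);
            } elseif ($pass1 !== $pass2) {
                // Strict comparison: != treats numeric-looking strings such as "1e3" and "1000" as equal.
                $login_error = $error_prefix . apply_filters("piereg_the_passwords_do_not_match", __('The passwords do not match', "piereg"));
                $errors->add('password_reset_mismatch', $login_error);
            }
            do_action('validate_password_reset', $errors, $user);
            if (!$errors->get_error_code() && !empty($pass1)) {
                reset_password($user, $pass1);
                $newpasspageLock = 1;
                $login_warning = '';
                $login_error = '';
                $login_success = $success_prefix . apply_filters("piereg_your_password_has_been_reset", __('Your password has been reset.', "piereg"));
            }
        }
    }
    if (isset($wp_session['message']) && trim($wp_session['message']) != "") {
        $form_data .= '<p class="piereg_login_error"> ' . apply_filters('piereg_messages', __($wp_session['message'], "piereg")) . "</p>";
        $wp_session['message'] = "";
    }
    if (!empty($login_error)) {
        $form_data .= '<p class="piereg_login_error"> ' . apply_filters('piereg_messages', $login_error) . "</p>\n";
    }
    if (!empty($login_success)) {
        $form_data .= '<p class="piereg_message">' . apply_filters('piereg_messages', $login_success) . "</p>\n";
    }
    if (!empty($login_warning)) {
        $form_data .= '<p class="piereg_warning">' . apply_filters('piereg_messages', $login_warning) . "</p>\n";
    }
    // These two messages come straight from the request body, so they are
    // HTML-escaped before they are added to the page.
    if (isset($_POST['success']) && is_string($_POST['success']) && $_POST['success'] != "") {
        $form_data .= '<p class="piereg_message">' . apply_filters('piereg_messages', esc_html(__($_POST['success'], "piereg"))) . '</p>';
    }
    if (isset($_POST['error']) && is_string($_POST['error']) && $_POST['error'] != "") {
        $form_data .= '<p class="piereg_login_error">' . apply_filters('piereg_messages', esc_html(__($_POST['error'], "piereg"))) . '</p>';
    }
    if (('rp' === $action || 'resetpass' === $action) && $newpasspageLock == 0) {
        // The listing this was taken from has the login part of the URL masked out;
        // it is rebuilt here to mirror the key parameter.
        $form_data .= '
	  <form name="resetpassform" class="piereg_resetpassform" action="' . pie_modify_custom_url(pie_login_url(), 'action=resetpass&key=' . urlencode($reset_key) . '&login=' . urlencode($reset_login)) . '" method="post" autocomplete="off">
	
		<input type="hidden" id="user_login" value="' . esc_attr($reset_login) . '" autocomplete="off">
		<div class="field">
		  <label for="pass1">' . __("New password", "piereg") . '</label>
		  <input type="password" name="pass1" id="pass1" class="input validate[required]" size="20" value="" autocomplete="off">
		</div>
		<div class="field">
		  <label for="pass2">' . __("Confirm new password", "piereg") . '</label>
		  <input type="password" name="pass2" id="pass2" class="input validate[required,equals[pass1]]" size="20" value="" autocomplete="off">
		</div>
		<div class="pie_submit">
		  <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="' . __("Reset Password", "piereg") . '">
		</div>
		<div class="field">
		 <div class="nav">
		 	<a href="' . pie_login_url() . '">' . __("Log in", "piereg") . '</a>';
        if ($users_can_register == 1) {
            $form_data .= '&nbsp;|&nbsp;<a href="' . pie_registration_url() . '">' . __("Register", "piereg") . '</a>';
        }
        $form_data .= '</div>
		</div>
		<div class="backtoblog">
			<a title="' . __("Are you lost?", "piereg") . '" href="' . get_bloginfo("url") . '">&larr; ' . __("Back to", "piereg") . ' ' . get_bloginfo("name") . '</a>
		</div>
	  </form>';
    } else {
        $form_data .= '
	<form method="post" action="" class="piereg_loginform" name="loginform">
		<p>';
        if (isset($option['login_username_label']) && !empty($option['login_username_label'])) {
            $form_data .= '<label for="user_login">' . __($option['login_username_label'], "piereg") . '</label>';
        }
        // The submitted username is echoed back into the field, so it is attribute-escaped.
        $user_name_val = isset($_POST['log']) && is_string($_POST['log']) && !empty($_POST['log']) ? $_POST['log'] : "";
        $form_data .= '<input placeholder="' . (isset($option['login_username_placeholder']) && !empty($option['login_username_placeholder']) ? __($option['login_username_placeholder'], "piereg") : "") . '" type="text" size="20" value="' . esc_attr($user_name_val) . '" class="input validate[required]" id="user_login" name="log">
		</p>
		<p>';
        if (isset($option['login_password_label']) && !empty($option['login_password_label'])) {
            $form_data .= '<label for="user_pass">' . __($option['login_password_label'], "piereg") . '</label>';
        }
        $form_data .= '
			<input placeholder="' . (isset($option['login_password_placeholder']) && !empty($option['login_password_placeholder']) ? __($option['login_password_placeholder'], "piereg") : "") . '" type="password" size="20" value="" class="input validate[required]" id="user_pass" name="pwd">
		</p>';
        global $piereg_math_captcha_login, $piereg_math_captcha_login_widget;
        if ($option['capthca_in_login'] != 0 && !empty($option['capthca_in_login'])) {
            // The two globals record that a captcha was already rendered for the
            // page form and for the widget form respectively.
            $for_page = $piereg_math_captcha_login == false && $piereg_widget == false;
            $for_widget = !$for_page && $piereg_math_captcha_login_widget == false && $piereg_widget == true;
            if ($for_page || $for_widget) {
                $form_data .= '<p>';
                if (!empty($option['capthca_in_login_label'])) {
                    $form_data .= '<label style="margin-top:0px;">' . $option['capthca_in_login_label'] . '</label>';
                }
                $form_data .= login_form_captcha($option['capthca_in_login'], $piereg_widget);
                $form_data .= '</p>';
                if ($for_page) {
                    $piereg_math_captcha_login = true;
                } else {
                    $piereg_math_captcha_login_widget = true;
                }
            }
        }
        $form_data .= '
			<p class="forgetmenot">
				<label for="rememberme">
					<input type="checkbox" value="forever" id="rememberme" name="rememberme"> ' . __("Remember Me", "piereg") . '
				</label>
			</p>';
        $form_data .= '
		<p class="submit">
			<input type="submit" value="' . __("Log In", "piereg") . '" class="button button-primary button-large" id="wp-submit" name="wp-submit">
			<input type="hidden" value="' . admin_url() . '" name="redirect_to">
			<input type="hidden" value="1" name="testcookie">
		</p>';
        $form_data .= '<p id="nav">';
        if ($users_can_register == 1) {
            $form_data .= '<a href="' . pie_registration_url() . '">' . __("Register", "piereg") . '</a>&nbsp;<a style="cursor:default;text-decoration:none;" href="javascript:;">&nbsp;|&nbsp;</a>&nbsp;';
        }
        $form_data .= '<a title="' . __("Password Lost and Found", "piereg") . '" href="' . pie_lostpassword_url() . '">' . __("Lost your password?", "piereg") . '</a> </p>';
        // NOTE(review): $pagenow is not declared global in this function, so this
        // branch never runs as written; confirm whether it was meant to.
        if (isset($pagenow) && $pagenow == 'wp-login.php') {
            // get_bloginfo() returns the URL; bloginfo() would print it immediately and add nothing to the string.
            $form_data .= '
					<p id="backtoblog"><a title="' . __("Are you lost?", "piereg") . '" href="' . get_bloginfo("url") . '">&larr;' . __(" Back to", "piereg") . ' ' . get_bloginfo("name") . '</a></p>';
        }
        $form_data .= '
	</form>';
    }
    $form_data .= '</div>
</div></div>';
    return $form_data;
}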
Пример #21
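 /**
  * Changes the user's password when the password reset form was submitted.
  *
  * Acts only on POST requests. The reset key and login are validated with
  * check_password_reset_key() before the submitted password is examined.
  * Every handled POST path ends the request with exit; any other request
  * method falls through and nothing is done.
  *
  * @return void
  */
 public function do_password_reset()
 {
     if (!isset($_SERVER['REQUEST_METHOD']) || 'POST' !== $_SERVER['REQUEST_METHOD']) {
         return;
     }
     // Missing or non-string parameters are reduced to '' so that the key check
     // below decides the outcome instead of PHP notices or array-to-string
     // conversions.
     $rp_key = isset($_REQUEST['rp_key']) && is_string($_REQUEST['rp_key']) ? $_REQUEST['rp_key'] : '';
     $rp_login = isset($_REQUEST['rp_login']) && is_string($_REQUEST['rp_login']) ? $_REQUEST['rp_login'] : '';
     $user = check_password_reset_key($rp_key, $rp_login);
     if (!$user || is_wp_error($user)) {
         $reason = ($user && $user->get_error_code() === 'expired_key') ? 'expiredkey' : 'invalidkey';
         wp_redirect(home_url('member-login?login=' . $reason));
         exit;
     }
     if (!isset($_POST['pass1'])) {
         echo "Недопустимый запрос.";
         exit;
     }
     $pass1 = $_POST['pass1'];
     $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
     $error = '';
     // Strict comparison on strings only: with a loose != PHP compares numeric
     // strings by value ("1e3" equals "1000"), so a differing confirmation
     // could pass, and array input could reach reset_password().
     if (!is_string($pass1) || !is_string($pass2) || $pass1 !== $pass2) {
         // The passwords do not match
         $error = 'password_reset_mismatch';
     } elseif (empty($pass1)) {
         // The password is empty
         $error = 'password_reset_empty';
     }
     if ('' !== $error) {
         // add_query_arg() does not URL-encode values, so the request-supplied key
         // and login are unslashed and encoded here before they go into the URL.
         // NOTE(review): the reset key travels in this redirect URL and can end up
         // in browser history, proxy logs and Referer headers; keeping it in a
         // short-lived cookie instead would avoid that.
         $redirect_url = add_query_arg(
             array(
                 'key' => rawurlencode(wp_unslash($rp_key)),
                 'login' => rawurlencode(wp_unslash($rp_login)),
                 'error' => $error,
             ),
             home_url('member-password-reset')
         );
         wp_redirect($redirect_url);
         exit;
     }
     // All checks passed: reset the password
     reset_password($user, $pass1);
     wp_redirect(home_url('member-login?password=changed'));
     exit;
 }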
Пример #22
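 /**
  * Resets the user's password if the password reset form was submitted.
  *
  * Runs only when reset_password, reset_key and reset_login are all present
  * in the request. The key/login pair is validated with
  * check_password_reset_key() first; every handled path ends in a redirect
  * followed by exit.
  *
  * @return void
  */
 public static function do_password_reset()
 {
     if (!isset($_REQUEST['reset_password'], $_REQUEST['reset_key'], $_REQUEST['reset_login'])) {
         return;
     }
     // Non-string values (e.g. reset_key[]=x) are reduced to '' and left for the
     // key check to reject.
     $reset_key = is_string($_REQUEST['reset_key']) ? $_REQUEST['reset_key'] : '';
     $reset_login = is_string($_REQUEST['reset_login']) ? $_REQUEST['reset_login'] : '';
     $user = check_password_reset_key($reset_key, $reset_login);
     // A falsy result is treated as an invalid key too, so reset_password() is
     // never called without a user object.
     if (!$user || is_wp_error($user)) {
         $reason = ($user && $user->get_error_code() === 'expired_key') ? 'expiredkey' : 'invalidkey';
         wp_redirect(pp_password_reset_url() . '?login=' . $reason);
         exit;
     }
     $has_passwords = isset($_POST['password1'], $_POST['password2'])
         && is_string($_POST['password1'])
         && is_string($_POST['password2']);
     $error = '';
     if (!$has_passwords) {
         // Either field is missing or is not a plain string
         $error = 'invalid';
     } elseif ($_POST['password1'] !== $_POST['password2']) {
         // Strict comparison: a loose != treats numeric strings such as "1e3"
         // and "1000" as equal, which would let a differing confirmation pass.
         $error = 'password_mismatch';
     } elseif (empty($_POST['password1'])) {
         // Empty password
         $error = 'password_empty';
     }
     if ('' !== $error) {
         // add_query_arg() does not URL-encode values, so the request-supplied key
         // and login are unslashed and encoded before being placed in the URL.
         // NOTE(review): the reset key is carried in this redirect URL and may be
         // recorded in browser history, logs and Referer headers.
         $redirect_url = add_query_arg(
             array(
                 'key' => rawurlencode(wp_unslash($reset_key)),
                 'login' => rawurlencode(wp_unslash($reset_login)),
                 'error' => $error,
             ),
             pp_password_reset_url()
         );
         wp_redirect($redirect_url);
         exit;
     }
     // All checks passed: set the new password.
     reset_password($user, $_POST['password1']);
     wp_redirect(pp_password_reset_url() . '?password=changed');
     exit;
 }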
Пример #23
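 /**
  * Handles the password reset screen.
  *
  * When the request carries a key in the query string, the login/key pair is
  * moved into an HTTP-only cookie scoped to the current path and the browser
  * is redirected to the same URL without those parameters, which keeps the
  * key out of the address bar for the rest of the flow. On later requests
  * the pair is read back from the cookie and validated with
  * check_password_reset_key(); an invalid or expired key clears the cookie
  * and redirects to the lost-password page. Otherwise a submitted password
  * is validated and applied, and the reset form is rendered.
  *
  * @return void
  */
 function action_reset_pass()
 {
     list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
     $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
     if (isset($_GET['key'])) {
         // A missing or non-string login/key becomes '' here; the resulting
         // cookie value then fails the key check on the next request.
         $login = isset($_GET['login']) && is_string($_GET['login']) ? wp_unslash($_GET['login']) : '';
         $key = is_string($_GET['key']) ? wp_unslash($_GET['key']) : '';
         $value = sprintf('%s:%s', $login, $key);
         setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
         wp_safe_redirect(remove_query_arg(array('key', 'login')));
         exit;
     }
     // The is_string() guard keeps an array-valued cookie away from strpos().
     if (isset($_COOKIE[$rp_cookie]) && is_string($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
         list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
         $user = check_password_reset_key($rp_key, $rp_login);
         // NOTE(review): the key is taken from the cookie only; nothing visible
         // here ties the submitted form to it. If reset_pass_form() emits the key
         // as a hidden field, comparing that field with $rp_key via hash_equals()
         // before accepting pass1 would bind the POST to the reset link —
         // confirm against the form.
     } else {
         $user = false;
     }
     if (!$user || is_wp_error($user)) {
         // Expire the cookie so a rejected key is not replayed on every request.
         setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
         if ($user && $user->get_error_code() === 'expired_key') {
             wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
         } else {
             wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
         }
         exit;
     }
     $errors = new WP_Error();
     if (isset($_POST['pass1'])) {
         $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
         // Strict, string-only comparison: a loose != treats numeric strings such
         // as "1e3" and "1000" as equal, and array input would otherwise be able
         // to reach reset_password().
         if (!is_string($_POST['pass1']) || !is_string($pass2) || $_POST['pass1'] !== $pass2) {
             $errors->add('password_reset_mismatch', __('The passwords do not match.', 'colabsthemes'));
         }
     }
     /**
      * Fires before the password reset procedure is validated.
      *
      * @since 3.5.0
      *
      * @param object           $errors WP Error object.
      * @param WP_User|WP_Error $user   WP_User object if the login and reset key match. WP_Error object otherwise.
      */
     do_action('validate_password_reset', $errors, $user);
     $message = '';
     if (!$errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
         reset_password($user, $_POST['pass1']);
         // The key has served its purpose; drop the cookie that holds it.
         setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
         $message = __('Your password has been reset.', 'colabsthemes') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in', 'colabsthemes') . '</a>';
     }
     wp_enqueue_script('password-strength-meter');
     wp_enqueue_script('zxcvbn-async');
     wp_enqueue_script('custom-strengthmeter', trailingslashit(get_template_directory_uri()) . 'includes/js/custom-strengthmeter.js');
     if ('' !== $message) {
         $this->render_messages($message);
     }
     // WP_Error is not Countable, so sizeof() on it raises a TypeError on PHP 8;
     // get_error_code() alone says whether any error was recorded.
     if ($errors->get_error_code()) {
         $this->render_messages($errors);
     }
     $this->reset_pass_form($rp_key);
 }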