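/**
 * Return password reset handler form or redirect to password reset page when key is invalid.
 *
 * The reset key and login are taken from the request and verified with
 * check_password_reset_key() before any form markup is produced. When either
 * value is missing, is not a plain string, or fails verification, the visitor
 * is redirected to the password reset page with an `error` query argument
 * ("expiredkey" or "invalidkey") and the script exits.
 *
 * On success the verified key and login are echoed into hidden fields
 * (attribute-escaped) so that do_password_reset() can verify them again when
 * the form is submitted.
 *
 * @param int $id
 *
 * @return null|string
 */
public function get_password_reset_handler_structure($id)
{
    $raw_key   = isset($_REQUEST['key']) ? $_REQUEST['key'] : null;
    $raw_login = isset($_REQUEST['login']) ? $_REQUEST['login'] : null;

    // A missing parameter or an array-valued one (key[]=x) can never be a valid
    // reset key; reject it here instead of passing it on to the verification
    // and escaping functions.
    if (!is_string($raw_key) || !is_string($raw_login) || $raw_key === '' || $raw_login === '') {
        wp_redirect(add_query_arg('error', 'invalidkey', pp_password_reset_url()));
        exit;
    }

    // WordPress adds slashes to request data; remove them before verification
    // and before the values are written back into the form.
    $key   = wp_unslash($raw_key);
    $login = wp_unslash($raw_login);

    // Verify key / login combo
    $user = check_password_reset_key($key, $login);

    if (!$user || is_wp_error($user)) {
        $error = ($user && $user->get_error_code() === 'expired_key') ? 'expiredkey' : 'invalidkey';

        // add_query_arg() keeps the URL valid even when the reset page URL
        // already carries a query string.
        wp_redirect(add_query_arg('error', $error, pp_password_reset_url()));
        exit;
    }

    $handler_structure = PROFILEPRESS_sql::get_password_reset_handler_structure($id);
    $handler_structure .= '<input type="hidden" name="reset_key" value="' . esc_attr($key) . '">';
    $handler_structure .= '<input type="hidden" name="reset_login" value="' . esc_attr($login) . '">';

    return $handler_structure;
}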
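/**
 * Resets the user's password if the password reset form was submitted.
 *
 * Runs only when `reset_password`, `reset_key` and `reset_login` are all
 * present in the request. The key / login pair is verified again with
 * check_password_reset_key() before the password is changed. Every path taken
 * after that point ends in a redirect followed by exit:
 *
 * - invalid or expired key: `login=invalidkey` / `login=expiredkey`
 * - missing or non-string password fields: `error=invalid`
 * - the two password fields differ: `error=password_mismatch`
 * - empty password: `error=password_empty`
 * - success: `password=changed`
 *
 * NOTE(review): the retry redirects put the reset key back into the URL query
 * string, so it can end up in access logs, browser history and Referer
 * headers. Worth confirming the reset page loads no third-party resources.
 */
public static function do_password_reset()
{
    if (!isset($_REQUEST['reset_password'], $_REQUEST['reset_key'], $_REQUEST['reset_login'])) {
        return;
    }

    $reset_url = pp_password_reset_url();

    // Array-valued parameters (reset_key[]=x) can never be a valid key or
    // login; treat them as an invalid key instead of passing them on.
    if (!is_string($_REQUEST['reset_key']) || !is_string($_REQUEST['reset_login'])) {
        wp_redirect(add_query_arg('login', 'invalidkey', $reset_url));
        exit;
    }

    // WordPress adds slashes to request data; remove them before verification.
    $reset_key   = wp_unslash($_REQUEST['reset_key']);
    $reset_login = wp_unslash($_REQUEST['reset_login']);

    $user = check_password_reset_key($reset_key, $reset_login);

    // Never reach reset_password() with anything other than a verified user.
    if (!$user || is_wp_error($user)) {
        $code = is_wp_error($user) ? $user->get_error_code() : '';

        wp_redirect(add_query_arg('login', $code === 'expired_key' ? 'expiredkey' : 'invalidkey', $reset_url));
        exit;
    }

    // add_query_arg() does not encode values, so the request-supplied key and
    // login are encoded here to keep them from injecting extra parameters
    // into the redirect URL.
    $retry_args = array(
        'key'   => rawurlencode($reset_key),
        'login' => rawurlencode($reset_login),
    );

    $password1 = isset($_POST['password1']) ? $_POST['password1'] : null;
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : null;

    if (!is_string($password1) || !is_string($password2)) {
        wp_redirect(add_query_arg($retry_args + array('error' => 'invalid'), $reset_url));
        exit;
    }

    // Strict comparison: with `!=`, numeric-looking strings such as "0e1" and
    // "0e2" compare as equal, which would let a mistyped confirmation through.
    if ($password1 !== $password2) {
        // Passwords don't match
        wp_redirect(add_query_arg($retry_args + array('error' => 'password_mismatch'), $reset_url));
        exit;
    }

    if (empty($password1)) {
        // Empty password
        wp_redirect(add_query_arg($retry_args + array('error' => 'password_empty'), $reset_url));
        exit;
    }

    // The password is passed on exactly as submitted, as before.
    // NOTE(review): it is deliberately not unslashed here; confirm how the
    // login form passes passwords before changing that, or the stored hash
    // may stop matching what users type.
    reset_password($user, $password1);

    wp_redirect(add_query_arg('password', 'changed', $reset_url));
    exit;
}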
/**
 * Get front-end do password reset form url.
 *
 * Builds a URL that carries the reset key and the user login as query
 * arguments. The `pp_front_end_do_password_reset` filter (default true)
 * selects the branch that is based on pp_password_reset_url().
 *
 * NOTE(review): part of this function is masked in this copy (the run of
 * asterisks inside the assignment), so the alternative branch and the exact
 * expression cannot be read from here. Compare with the original file before
 * relying on this listing.
 *
 * @param string $user_login
 * @param string $key
 *
 * @return string
 */
function pp_get_do_password_reset_url($user_login, $key)
{
    if (apply_filters('pp_front_end_do_password_reset', true)) {
        // In the visible parts, $key is interpolated into the query string
        // as-is while $user_login goes through rawurlencode().
        // NOTE(review): presumably $key is always an alphanumeric generated
        // value; confirm against the caller, otherwise it needs encoding too.
        $url = pp_password_reset_url() . "?key={$key}&login="******"?key={$key}&login=" . rawurlencode($user_login);
    }

    return $url;
}