+ if ( ! $user || is_wp_error( $user ) ) {
+ setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
+ if ( $user && $user->get_error_code() === 'expired_key' )
+ wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
+ else
+ wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
+ exit;
+ }
+
+ $errors = new WP_Error();
+
+ if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
+ $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
+
+ /**
+ * Fires before the password reset procedure is validated.
+ *
+ * @since 3.5.0
+ *
+ * @param object $errors WP Error object.
+ * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
+ */
+ do_action( 'validate_password_reset', $errors, $user );
+
+ if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
+ reset_password($user, $_POST['pass1']);
+ setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
+ login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
+ login_footer();
+ exit;
+ }
+
+ wp_enqueue_script('utils');
+ wp_enqueue_script('user-profile');
+
+ login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
+
+?>
+<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
+ <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" />
+
+ <p>
+ <label for="pass1"><?php _e('New password') ?><br />
+ <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label>
+ </p>
+ <p>
+ <label for="pass2"><?php _e('Confirm new password') ?><br />
+ <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label>
+ </p>
+
+ <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator'); ?></div>
+ <p class="description indicator-hint"><?php echo wp_get_password_hint(); ?></p>
+ <br class="clear" />
+
+ <?php
+ /**
+ * Fires following the 'Strength indicator' meter in the user password reset form.
+ *
+ * @since 3.9.0
+ *
+ * @param WP_User $user User object of the user whose password is being reset.
+ */
+ do_action( 'resetpass_form', $user );
+ ?>
+ <input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
+</form>
+
+<p id="nav">
+<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
+<?php
+if ( get_option( 'users_can_register' ) ) :
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
+
+ /** This filter is documented in wp-includes/general-template.php */
+ echo ' | ' . apply_filters( 'register', $registration_url );
+endif;
+?>
+</p>