";
+
+ if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
+
+ do_action('lost_password');
+ login_header(__('Lost Password'), '
' . __('Please enter your username or e-mail address. You will receive a new password via e-mail.') . '
+
+
user_login;
- $user_email = $user_data->user_email;
-
- if (!$user_email || $user_email != $_POST['email'])
- die(sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? Try again.'), 'wp-login.php?action=lostpassword'));
+case 'resetpass' :
+case 'rp' :
+ $errors = reset_password($_GET['key']);
-do_action('retreive_password', $user_login); // Misspelled and deprecated.
-do_action('retrieve_password', $user_login);
+ if ( ! is_wp_error($errors) ) {
+ wp_redirect('wp-login.php?checkemail=newpass');
+ exit();
+ }
- // Generate something random for a password... md5'ing current time with a rand salt
- $key = substr( md5( uniqid( microtime() ) ), 0, 50);
- // now insert the new pass md5'd into the db
- $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
- $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
- $message .= get_option('siteurl') . "\r\n\r\n";
- $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
- $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
- $message .= get_settings('siteurl') . "/wp-login.php?action=resetpass&key=$key\r\n";
+ wp_redirect('wp-login.php?action=lostpassword&error=invalidkey');
+ exit();
- $m = wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_settings('blogname')), $message);
+break;
- if ($m == false) {
- echo '
' . __('The e-mail could not be sent.') . " \n";
- echo __('Possible reason: your host may have disabled the mail() function...') . "
";
- die();
- } else {
- echo '
' . sprintf(__("The e-mail was sent successfully to %s's e-mail address."), $user_login) . ' ';
- echo "" . __('Click here to login!') . '
', $errors);
+?>
- // Generate something random for a password... md5'ing current time with a rand salt
- $key = preg_replace('/[^a-z0-9]/i', '', $_GET['key']);
- if ( empty($key) )
- die( __('Sorry, that key does not appear to be valid.') );
- $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
- if ( !$user )
- die( __('Sorry, that key does not appear to be valid.') );
+
- do_action('password_reset');
+
";
+ $errors = $user;
+ // Clear errors if loggedout is set.
+ if ( !empty($_GET['loggedout']) )
+ $errors = new WP_Error();
+
+ // If cookies are disabled we can't log in even with a valid user+pass
+ if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
+ $errors->add('test_cookie', __("ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress."));
+
+ // Some parts of this script use the main login form to display a message
+ if ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] ) $errors->add('loggedout', __('You are now logged out.'), 'message');
+ elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) $errors->add('registerdisabled', __('User registration is currently not allowed.'));
+ elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
+ elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
+ elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
+
+ login_header(__('Log In'), '', $errors);
+
+ if ( isset($_POST['log']) )
+ $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
?>
-
-