<?php
/**
* Lost Password Shortcode
*
* Displays the lost password / reset password forms
*
* @author WooThemes
* @category Shortcodes
* @package WooCommerce/Shortcodes/Lost Password
* @version 1.7.0
*/
/**
 * Return the lost password shortcode content.
 *
 * Hands the name of the function that prints the form,
 * woocommerce_lost_password(), to shortcode_wrapper() on the global
 * $woocommerce object and returns whatever that call returns.
 *
 * @access public
 * @return string
 */
function get_woocommerce_lost_password() {
	global $woocommerce;

	// Name of the output function the wrapper is asked to run.
	$output_callback = 'woocommerce_lost_password';

	return $woocommerce->shortcode_wrapper( $output_callback );
}
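/**
 * Output the lost password shortcode.
 *
 * A single request can take up to three paths, checked in this order:
 *  1. POST with user_login: start a reset via woocommerce_retrieve_password().
 *  2. GET with key + login (the link from the e-mail): if the pair is valid,
 *     the reset form is shown with both values carried along.
 *  3. POST with password_1, password_2, reset_key and reset_login: the key is
 *     checked again and, if no error has been recorded, the password is set.
 *
 * On path 2 the reset key is part of the URL, so it is visible wherever URLs
 * are recorded (browser history, access logs).
 *
 * @access public
 * @return void
 */
function woocommerce_lost_password() {
	global $woocommerce;

	$woocommerce->nocache();

	// arguments to pass to template
	$args = array( 'form' => 'lost_password' );

	// process lost password form
	if ( isset( $_POST['user_login'] ) ) {
		// NOTE(review): the return value of verify_nonce() is not used here. A failed
		// check presumably only stops the flow through the error it records and the
		// error_count() test inside woocommerce_retrieve_password() - confirm.
		$woocommerce->verify_nonce( 'lost_password' );
		woocommerce_retrieve_password();
	}

	// process reset key / login from email confirmation link
	if ( isset( $_GET['key'], $_GET['login'] ) ) {
		$user = woocommerce_check_password_reset_key( $_GET['key'], $_GET['login'] );

		// reset key / login is correct, display reset password form with hidden key / login values
		if ( is_object( $user ) ) {
			$args['form']  = 'reset_password';
			// Escaped here because the template prints them back into the form.
			$args['key']   = esc_attr( $_GET['key'] );
			$args['login'] = esc_attr( $_GET['login'] );
		}
	}

	// process reset password form
	if ( isset( $_POST['password_1'], $_POST['password_2'], $_POST['reset_key'], $_POST['reset_login'] ) ) {

		// verify reset key again
		$user = woocommerce_check_password_reset_key( $_POST['reset_key'], $_POST['reset_login'] );

		if ( is_object( $user ) ) {

			// save these values into the form again in case of errors
			$args['key']   = esc_attr( $_POST['reset_key'] );
			$args['login'] = esc_attr( $_POST['reset_login'] );

			// Same pattern as above: a failed nonce only blocks the reset through error_count() below.
			$woocommerce->verify_nonce( 'reset_password' );

			$password_1 = $_POST['password_1'];
			$password_2 = $_POST['password_2'];

			// password_1[]=x arrives as an array; treat anything that is not a string as missing.
			if ( ! is_string( $password_1 ) || ! is_string( $password_2 ) || empty( $password_1 ) || empty( $password_2 ) ) {
				$woocommerce->add_error( __( 'Please enter your password.', 'woocommerce' ) );
				$args['form'] = 'reset_password';
			}

			if ( $password_1 !== $password_2 ) {
				$woocommerce->add_error( __('Passwords do not match.', 'woocommerce') );
				$args['form'] = 'reset_password';
			}

			// error_count() also covers errors recorded earlier in this request (nonce, key check).
			if ( 0 == $woocommerce->error_count() ) {

				// The password is passed on exactly as submitted. HTML-attribute escaping is an
				// output concern; applied to a credential it stores the hash of a different
				// string than the one typed whenever the password contains & < > or quotes.
				woocommerce_reset_password( $user, $password_1 );

				do_action( 'woocommerce_customer_reset_password', $user );

				$woocommerce->add_message( __( 'Your password has been reset.', 'woocommerce' ) . ' <a href="' . esc_url( get_permalink( woocommerce_get_page_id( 'myaccount' ) ) ) . '">' . __( 'Log in', 'woocommerce' ) . '</a>' );
			}
		}
	}

	woocommerce_get_template( 'myaccount/form-lost-password.php', $args );
}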
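/**
 * Handles sending password retrieval email to customer.
 *
 * Reads the account identifier from $_POST['user_login'], looks the user up by
 * e-mail (when the value contains "@" after its first character) or by login,
 * makes sure a reset key exists in user_activation_key, and fires the
 * 'woocommerce_reset_password_notification' action with the login and key.
 * Failures are recorded with $woocommerce->add_error().
 *
 * @access public
 * @uses $wpdb WordPress Database object
 * @return bool True: when finish. False: on error
 */
function woocommerce_retrieve_password() {
	global $woocommerce, $wpdb;

	// user_login[]=x arrives as an array; anything that is not a string is handled like an empty field.
	$submitted = ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) ? $_POST['user_login'] : '';
	$user_data = false;

	if ( empty( $submitted ) ) {

		$woocommerce->add_error( __( 'Enter a username or e-mail address.', 'woocommerce' ) );

	} elseif ( strpos( $submitted, '@' ) ) {

		$user_data = get_user_by( 'email', trim( $submitted ) );

		// NOTE(review): this message and 'Invalid username or e-mail.' below tell the
		// requester whether an account exists; one neutral response for every outcome would not.
		if ( empty( $user_data ) ) {
			$woocommerce->add_error( __( 'There is no user registered with that email address.', 'woocommerce' ) );
		}

	} else {

		$user_data = get_user_by( 'login', trim( $submitted ) );
	}

	do_action( 'lostpassword_post' );

	// Also true when an earlier step of the request (e.g. the nonce check in the caller) recorded an error.
	if ( $woocommerce->error_count() > 0 ) {
		return false;
	}

	if ( ! $user_data ) {
		$woocommerce->add_error( __( 'Invalid username or e-mail.', 'woocommerce' ) );
		return false;
	}

	// redefining user_login ensures we return the right case in the email
	$user_login = $user_data->user_login;

	do_action( 'retrieve_password', $user_login );

	$allow = apply_filters( 'allow_password_reset', true, $user_data->ID );

	if ( ! $allow ) {

		$woocommerce->add_error( __( 'Password reset is not allowed for this user') );
		return false;

	} elseif ( is_wp_error( $allow ) ) {

		// get_error_message is a method; reading it as a property passed no message to add_error().
		$woocommerce->add_error( $allow->get_error_message() );
		return false;
	}

	$key = $wpdb->get_var( $wpdb->prepare( "SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login ) );

	if ( empty( $key ) ) {

		// Generate something random for a key...
		$key = wp_generate_password( 20, false );

		do_action( 'retrieve_password_key', $user_login, $key );

		// NOTE(review): the key is written exactly as generated (nothing here hashes it), and a
		// key that already exists is reused instead of replaced, so this function never expires
		// one. A stored key stays usable until something else clears the column.
		$wpdb->update( $wpdb->users, array( 'user_activation_key' => $key ), array( 'user_login' => $user_login ) );
	}

	// Send email notification. The return value of mailer() is not needed; the call is kept
	// because it may be what registers the handler for the action below - confirm in the mailer class.
	$woocommerce->mailer();

	do_action( 'woocommerce_reset_password_notification', $user_login, $key );

	$woocommerce->add_message( __( 'Check your e-mail for the confirmation link.' ) );

	return true;
}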
/**
 * Retrieves a user row based on password reset key and login
 *
 * Every character of $key outside a-z, A-Z and 0-9 is dropped before the
 * lookup. The row must match both the cleaned key (against
 * user_activation_key) and the login. All failures record the same
 * 'Invalid key' error, so the message does not say which value was wrong.
 *
 * Nothing in this function looks at how old the key is.
 *
 * @uses $wpdb WordPress Database object
 *
 * @access public
 * @param string $key Hash to validate sending user's password
 * @param string $login The user login
 * @return object|bool User's database row on success, false for invalid keys
 */
function woocommerce_check_password_reset_key( $key, $login ) {
	global $woocommerce, $wpdb;

	$clean_key = preg_replace( '/[^a-z0-9]/i', '', $key );

	// Non-string input (for example an array from key[]=x) fails these checks.
	$key_usable   = is_string( $clean_key ) && ! empty( $clean_key );
	$login_usable = is_string( $login ) && ! empty( $login );

	$row = null;

	// Only query once both values are usable; both are bound through prepare().
	if ( $key_usable && $login_usable ) {
		$row = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $clean_key, $login ) );
	}

	if ( empty( $row ) ) {
		$woocommerce->add_error( __( 'Invalid key', 'woocommerce' ) );
		return false;
	}

	return $row;
}
/**
 * Handles resetting the user's password.
 *
 * Runs three steps in order: fires the 'password_reset' action, sets the new
 * password with wp_set_password(), then calls
 * wp_password_change_notification().
 *
 * Every callback attached to 'password_reset' receives the new password in
 * plaintext, so those callbacks must not log or store it.
 *
 * @access public
 * @param object $user The user
 * @param string $new_pass New password for the user in plaintext
 * @return void
 */
function woocommerce_reset_password( $user, $new_pass ) {

	// Listeners run before the password is changed.
	do_action( 'password_reset', $user, $new_pass );

	// The ID is read after the action has run, from the same $user object.
	$user_id = $user->ID;
	wp_set_password( $new_pass, $user_id );

	wp_password_change_notification( $user );
}