问题描述
我有这个手动创建的页面:
$user_login = sanitize_text_field( $_GET['user_login'] );
if ( username_exists( $user_login ) || email_exists($user_login) ) { ?>
<!--Everything has been validated, proceed ....-->
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<title></title>
<script type="text/javascript">
function submit()
{
var f = document.getElementById('lostpasswordform');
f.onclick = function () { };
document.lostpasswordform.submit();
}
</script>
</head>
<body onload="submit()">
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
<input type="hidden" name="user_login" id="user_login" class="input" value="<?php echo ($user_login); ?>" />
<?php do_action('lost_password'); ?>
</form>
</body>
</html>
<?php
echo "SUCCESS";
exit();
} else {
echo "Entered Username or Email was incorrect, please try again!";
}
… 一切似乎正确,但是从应用程序调用时它不起作用,但如果我手动访问 domain.com/forgot-password?user_login=username,它会发送重置通过电子邮件。
最佳解决方案
所以如果你想发送重置密码链接,你可以访问代码库,你可以使用下面的代码段,你可以进一步修改,实际上代码是稍微修改版本的 wp-login.php
/**
* Handles sending password retrieval email to user.
*
* @uses $wpdb WordPress Database object
* @param string $user_login User Login or Email
* @return bool true on success false on error
*/
function retrieve_password($user_login) {
global $wpdb, $current_site;
if ( empty( $user_login) ) {
return false;
} else if ( strpos( $user_login, '@' ) ) {
$user_data = get_user_by( 'email', trim( $user_login ) );
if ( empty( $user_data ) )
return false;
} else {
$login = trim($user_login);
$user_data = get_user_by('login', $login);
}
do_action('lostpassword_post');
if ( !$user_data ) return false;
// redefining user_login ensures we return the right case in the email
$user_login = $user_data->user_login;
$user_email = $user_data->user_email;
do_action('retreive_password', $user_login); // Misspelled and deprecated
do_action('retrieve_password', $user_login);
$allow = apply_filters('allow_password_reset', true, $user_data->ID);
if ( ! $allow )
return false;
else if ( is_wp_error($allow) )
return false;
$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
if ( empty($key) ) {
// Generate something random for a key...
$key = wp_generate_password(20, false);
do_action('retrieve_password_key', $user_login, $key);
// Now insert the new md5 key into the db
$wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
}
$message = __('Someone requested that the password be reset for the following account:') . "rnrn";
$message .= network_home_url( '/' ) . "rnrn";
$message .= sprintf(__('Username: %s'), $user_login) . "rnrn";
$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "rnrn";
$message .= __('To reset your password, visit the following address:') . "rnrn";
$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">rn";
if ( is_multisite() )
$blogname = $GLOBALS['current_site']->site_name;
else
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
$title = sprintf( __('[%s] Password Reset'), $blogname );
$title = apply_filters('retrieve_password_title', $title);
$message = apply_filters('retrieve_password_message', $message, $key);
if ( $message && !wp_mail($user_email, $title, $message) )
wp_die( __('The e-mail could not be sent.') . "<br />n" . __('Possible reason: your host may have disabled the mail() function...') );
return true;
}
$user_login = sanitize_text_field( $_GET['user_login'] );
if (retrieve_password($user_login)) {
echo "SUCCESS";
} else {
echo "ERROR";
}
次佳解决方案
以前的答案没有为我工作 (说代码是无效的,在 wp 登录页面),可能是因为答案是 1 年以上,有些东西在 WP 代码中改变,所以我已经更新了这个代码 (也从 wp-login.php),这里是:
function retrieve_password($user_login){
global $wpdb, $wp_hasher;
$user_login = sanitize_text_field($user_login);
if ( empty( $user_login) ) {
return false;
} else if ( strpos( $user_login, '@' ) ) {
$user_data = get_user_by( 'email', trim( $user_login ) );
if ( empty( $user_data ) )
return false;
} else {
$login = trim($user_login);
$user_data = get_user_by('login', $login);
}
do_action('lostpassword_post');
if ( !$user_data ) return false;
// redefining user_login ensures we return the right case in the email
$user_login = $user_data->user_login;
$user_email = $user_data->user_email;
do_action('retreive_password', $user_login); // Misspelled and deprecated
do_action('retrieve_password', $user_login);
$allow = apply_filters('allow_password_reset', true, $user_data->ID);
if ( ! $allow )
return false;
else if ( is_wp_error($allow) )
return false;
$key = wp_generate_password( 20, false );
do_action( 'retrieve_password_key', $user_login, $key );
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . 'wp-includes/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
$hashed = $wp_hasher->HashPassword( $key );
$wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
$message = __('Someone requested that the password be reset for the following account:') . "rnrn";
$message .= network_home_url( '/' ) . "rnrn";
$message .= sprintf(__('Username: %s'), $user_login) . "rnrn";
$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "rnrn";
$message .= __('To reset your password, visit the following address:') . "rnrn";
$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">rn";
if ( is_multisite() )
$blogname = $GLOBALS['current_site']->site_name;
else
$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
$title = sprintf( __('[%s] Password Reset'), $blogname );
$title = apply_filters('retrieve_password_title', $title);
$message = apply_filters('retrieve_password_message', $message, $key);
if ( $message && !wp_mail($user_email, $title, $message) )
wp_die( __('The e-mail could not be sent.') . "<br />n" . __('Possible reason: your host may have disabled the mail() function...') );
echo '<p>Link for password reset has been emailed to you. Please check your email.</p>';;
}
第三种解决方案
WordPress 4.3.1
function retrieve_password($user_login){
global $wpdb, $wp_hasher;
$user_login = sanitize_text_field($user_login);
if ( empty( $user_login) ) {
return false;
} else if ( strpos( $user_login, '@' ) ) {
$user_data = get_user_by( 'email', trim( $user_login ) );
if ( empty( $user_data ) )
return false;
} else {
$login = trim($user_login);
$user_data = get_user_by('login', $login);
}
do_action('lostpassword_post');
if ( !$user_data ) return false;
// redefining user_login ensures we return the right case in the email
$user_login = $user_data->user_login;
$user_email = $user_data->user_email;
do_action('retreive_password', $user_login); // Misspelled and deprecated
do_action('retrieve_password', $user_login);
$allow = apply_filters('allow_password_reset', true, $user_data->ID);
if ( ! $allow )
return false;
else if ( is_wp_error($allow) )
return false;
$key = wp_generate_password( 20, false );
do_action( 'retrieve_password_key', $user_login, $key );
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . 'wp-includes/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
$hashed = $wp_hasher->HashPassword( $key );
$wpdb->update( $wpdb->users, array( 'user_activation_key' => time().":".$hashed ), array( 'user_login' => $user_login ) );
$message = __('Someone requested that the password be reset for the following account:') . "rnrn";
$message .= network_home_url( '/' ) . "rnrn";
$message .= sprintf(__('Username: %s'), $user_login) . "rnrn";
$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "rnrn";
$message .= __('To reset your password, visit the following address:') . "rnrn";
$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">rn";
if ( is_multisite() )
$blogname = $GLOBALS['current_site']->site_name;
else
$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
$title = sprintf( __('[%s] Password Reset'), $blogname );
$title = apply_filters('retrieve_password_title', $title);
$message = apply_filters('retrieve_password_message', $message, $key);
if ( $message && !wp_mail($user_email, $title, $message) )
wp_die( __('The e-mail could not be sent.') . "<br />n" . __('Possible reason: your host may have disabled the mail() function...') );
echo '<p>Link for password reset has been emailed to you. Please check your email.</p>';;
}
参考文献
注:本文内容整合自 Google/Baidu/Bing 辅助翻译的英文资料结果。如果您对结果不满意,可以加入我们改善翻译效果:薇晓朵技术论坛。