以编程方式发送重置密码链接

时间:2012-07-31 作者:Nimbuz

我手动创建了此页面:

$user_login = sanitize_text_field( $_GET[\'user_login\'] );

if ( username_exists( $user_login ) ||  email_exists($user_login) ) { ?>
<!--Everything has been validated, proceed ....-->

<!DOCTYPE HTML>
<html lang="en-US">
<head>
    <meta charset="UTF-8">
    <title></title>
    <script type="text/javascript">
        function submit()
        {
            var f = document.getElementById(\'lostpasswordform\');
            f.onclick = function () { };
            document.lostpasswordform.submit();
        }
    </script>
</head>
<body onload="submit()">

    <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( \'wp-login.php?action=lostpassword\', \'login_post\' ) ); ?>" method="post">

        <input type="hidden" name="user_login" id="user_login" class="input" value="<?php echo ($user_login); ?>" />

    <?php do_action(\'lost_password\'); ?>

    </form>

</body>
</html>

<?php
    echo "SUCCESS";
    exit();
} else {
    echo "Entered Username or Email was incorrect, please try again!";
}
。。。一切似乎都正常,但从应用程序调用时无法工作,但如果我手动访问domain.com/forgot-password?user_login=username 它确实可以发送重置通行证电子邮件。

8 个回复
最合适的回答,由SO网友:nvartolomei 整理而成

因此,如果您想发送重置密码链接,并且您有权访问代码库,那么可以使用以下代码段并对其进行进一步修改。实际上,这段代码是wp-login.php

/**
 * Handles sending password retrieval email to user.
 *
 * @uses $wpdb WordPress Database object
 * @param string $user_login User Login or Email
 * @return bool true on success false on error
 */
function retrieve_password($user_login) {
    global $wpdb, $current_site;

    if ( empty( $user_login) ) {
        return false;
    } else if ( strpos( $user_login, \'@\' ) ) {
        $user_data = get_user_by( \'email\', trim( $user_login ) );
        if ( empty( $user_data ) )
           return false;
    } else {
        $login = trim($user_login);
        $user_data = get_user_by(\'login\', $login);
    }

    do_action(\'lostpassword_post\');


    if ( !$user_data ) return false;

    // redefining user_login ensures we return the right case in the email
    $user_login = $user_data->user_login;
    $user_email = $user_data->user_email;

    do_action(\'retreive_password\', $user_login);  // Misspelled and deprecated
    do_action(\'retrieve_password\', $user_login);

    $allow = apply_filters(\'allow_password_reset\', true, $user_data->ID);

    if ( ! $allow )
        return false;
    else if ( is_wp_error($allow) )
        return false;

    $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
    if ( empty($key) ) {
        // Generate something random for a key...
        $key = wp_generate_password(20, false);
        do_action(\'retrieve_password_key\', $user_login, $key);
        // Now insert the new md5 key into the db
        $wpdb->update($wpdb->users, array(\'user_activation_key\' => $key), array(\'user_login\' => $user_login));
    }
    $message = __(\'Someone requested that the password be reset for the following account:\') . "\\r\\n\\r\\n";
    $message .= network_home_url( \'/\' ) . "\\r\\n\\r\\n";
    $message .= sprintf(__(\'Username: %s\'), $user_login) . "\\r\\n\\r\\n";
    $message .= __(\'If this was a mistake, just ignore this email and nothing will happen.\') . "\\r\\n\\r\\n";
    $message .= __(\'To reset your password, visit the following address:\') . "\\r\\n\\r\\n";
    $message .= \'<\' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), \'login\') . ">\\r\\n";

    if ( is_multisite() )
        $blogname = $GLOBALS[\'current_site\']->site_name;
    else
        // The blogname option is escaped with esc_html on the way into the database in sanitize_option
        // we want to reverse this for the plain text arena of emails.
        $blogname = wp_specialchars_decode(get_option(\'blogname\'), ENT_QUOTES);

    $title = sprintf( __(\'[%s] Password Reset\'), $blogname );

    $title = apply_filters(\'retrieve_password_title\', $title);
    $message = apply_filters(\'retrieve_password_message\', $message, $key);

    if ( $message && !wp_mail($user_email, $title, $message) )
        wp_die( __(\'The e-mail could not be sent.\') . "<br />\\n" . __(\'Possible reason: your host may have disabled the mail() function...\') );

    return true;
}

$user_login = sanitize_text_field( $_GET[\'user_login\'] );

if (retrieve_password($user_login)) {
    echo "SUCCESS";
} else {
    echo "ERROR";
}

SO网友:DzoniT

之前的答案对我不起作用(在wp登录页面上说代码无效),可能是因为答案已经有1,5年了,而且wp代码中发生了一些变化,所以我对这段代码进行了一些更新(也来自wp login.php),如下所示:

function retrieve_password($user_login){
    global $wpdb, $wp_hasher;

    $user_login = sanitize_text_field($user_login);
    
    if ( empty( $user_login) ) {
        return false;
    } else if ( strpos( $user_login, \'@\' ) ) {
        $user_data = get_user_by( \'email\', trim( $user_login ) );
        if ( empty( $user_data ) )
           return false;
    } else {
        $login = trim($user_login);
        $user_data = get_user_by(\'login\', $login);
    }

    do_action(\'lostpassword_post\');


    if ( !$user_data ) return false;

    // redefining user_login ensures we return the right case in the email
    $user_login = $user_data->user_login;
    $user_email = $user_data->user_email;

    do_action(\'retreive_password\', $user_login);  // Misspelled and deprecated
    do_action(\'retrieve_password\', $user_login);

    $allow = apply_filters(\'allow_password_reset\', true, $user_data->ID);

    if ( ! $allow )
        return false;
    else if ( is_wp_error($allow) )
        return false;
        
    $key = wp_generate_password( 20, false );
    do_action( \'retrieve_password_key\', $user_login, $key );

    if ( empty( $wp_hasher ) ) {
        require_once ABSPATH . \'wp-includes/class-phpass.php\';
        $wp_hasher = new PasswordHash( 8, true );
    }
    $hashed = time() . \':\' . $wp_hasher->HashPassword( $key );
    $wpdb->update( $wpdb->users, array( \'user_activation_key\' => $hashed ), array( \'user_login\' => $user_login ) );

    $message = __(\'Someone requested that the password be reset for the following account:\') . "\\r\\n\\r\\n";
    $message .= network_home_url( \'/\' ) . "\\r\\n\\r\\n";
    $message .= sprintf(__(\'Username: %s\'), $user_login) . "\\r\\n\\r\\n";
    $message .= __(\'If this was a mistake, just ignore this email and nothing will happen.\') . "\\r\\n\\r\\n";
    $message .= __(\'To reset your password, visit the following address:\') . "\\r\\n\\r\\n";
    $message .= \'<\' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), \'login\') . ">\\r\\n";

    if ( is_multisite() )
        $blogname = $GLOBALS[\'current_site\']->site_name;
    else
        $blogname = wp_specialchars_decode(get_option(\'blogname\'), ENT_QUOTES);

    $title = sprintf( __(\'[%s] Password Reset\'), $blogname );

    $title = apply_filters(\'retrieve_password_title\', $title);
    $message = apply_filters(\'retrieve_password_message\', $message, $key);

    if ( $message && !wp_mail($user_email, $title, $message) )
        wp_die( __(\'The e-mail could not be sent.\') . "<br />\\n" . __(\'Possible reason: your host may have disabled the mail() function...\') );

    echo \'<p>Link for password reset has been emailed to you. Please check your email.</p>\';;
}

SO网友:Piyush Rawat

以上答案都不适用于我,所以我查看了wp登录。php的默认重置功能。他们使用了get\\u password\\u reset\\u key($userData)函数。如果有人坚持以上答案,我的解决方案如下:-

            $userData = get_userdata($user_id);             

            $user_login = $userData->user_login;
            $user_email = $userData->user_email;
            $key = get_password_reset_key( $userData );


            $message = __(\'Someone requested that the password be reset for the following account:\') . "\\r\\n\\r\\n";
            $message .= network_home_url( \'/\' ) . "\\r\\n\\r\\n";
            $message .= sprintf(__(\'Username: %s\'), $user_login) . "\\r\\n\\r\\n";
            $message .= __(\'If this was a mistake, just ignore this email and nothing will happen.\') . "\\r\\n\\r\\n";
            $message .= __(\'To reset your password, visit the following address:\') . "\\r\\n\\r\\n";
            $message .= network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), \'login\');

SO网友:anastymous

我注意到,在将WordPress升级到4.3版后,上述内容不再适用于我的自定义插件。它总是报告密钥无效。

更改:

$hashed = $wp_hasher->HashPassword( $key );


$hashed = time() . \':\' . $wp_hasher->HashPassword( $key );
这为我解决了问题,希望对其他人有所帮助

SO网友:bhavesh vala

Wordpress 4.3.1

function retrieve_password($user_login){
    global $wpdb, $wp_hasher;
    $user_login = sanitize_text_field($user_login);
    if ( empty( $user_login) ) {
        return false;
    } else if ( strpos( $user_login, \'@\' ) ) {
        $user_data = get_user_by( \'email\', trim( $user_login ) );
        if ( empty( $user_data ) )
           return false;
    } else {
        $login = trim($user_login);
        $user_data = get_user_by(\'login\', $login);
    }

    do_action(\'lostpassword_post\');
    if ( !$user_data ) return false;
    // redefining user_login ensures we return the right case in the email
    $user_login = $user_data->user_login;
    $user_email = $user_data->user_email;
    do_action(\'retreive_password\', $user_login);  // Misspelled and deprecated
    do_action(\'retrieve_password\', $user_login);
    $allow = apply_filters(\'allow_password_reset\', true, $user_data->ID);
    if ( ! $allow )
        return false;
    else if ( is_wp_error($allow) )
        return false;
    $key = wp_generate_password( 20, false );
    do_action( \'retrieve_password_key\', $user_login, $key );

    if ( empty( $wp_hasher ) ) {
        require_once ABSPATH . \'wp-includes/class-phpass.php\';
        $wp_hasher = new PasswordHash( 8, true );
    }
    $hashed = $wp_hasher->HashPassword( $key );    
    $wpdb->update( $wpdb->users, array( \'user_activation_key\' => time().":".$hashed ), array( \'user_login\' => $user_login ) );
    $message = __(\'Someone requested that the password be reset for the following account:\') . "\\r\\n\\r\\n";
    $message .= network_home_url( \'/\' ) . "\\r\\n\\r\\n";
    $message .= sprintf(__(\'Username: %s\'), $user_login) . "\\r\\n\\r\\n";
    $message .= __(\'If this was a mistake, just ignore this email and nothing will happen.\') . "\\r\\n\\r\\n";
    $message .= __(\'To reset your password, visit the following address:\') . "\\r\\n\\r\\n";
    $message .= \'<\' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), \'login\') . ">\\r\\n";

    if ( is_multisite() )
        $blogname = $GLOBALS[\'current_site\']->site_name;
    else
        $blogname = wp_specialchars_decode(get_option(\'blogname\'), ENT_QUOTES);

    $title = sprintf( __(\'[%s] Password Reset\'), $blogname );

    $title = apply_filters(\'retrieve_password_title\', $title);
    $message = apply_filters(\'retrieve_password_message\', $message, $key);

    if ( $message && !wp_mail($user_email, $title, $message) )
        wp_die( __(\'The e-mail could not be sent.\') . "<br />\\n" . __(\'Possible reason: your host may have disabled the mail() function...\') );

    echo \'<p>Link for password reset has been emailed to you. Please check your email.</p>\';;
}
SO网友:inrsaurabh

组合示例(在5.2中测试)

步骤1:

前端表单

<form id="form-password-reset" action="<?php echo wp_lostpassword_url(); ?>" method="post">
  <?php wp_nonce_field( \'ajax-resetpassword-nonce\', \'security\' ); ?>
  <div class="text-align-center margin-bottom-32">
     <h3 class="h3">Reset Your Password</h3>
  </div>
  <div class="row">
     <div class="col-12 col-md-4">
        <div class="form-group">
           <label for="auth-password-reset-email">Email</label>
           <div class="form-input-wrapper">
              <input type="email" class="form-input" id="auth-password-reset-email" name="email" placeholder="eg. [email protected]">
           </div>
        </div>
        <button type="submit" class="btn-solid btn-primary btn-block">
        Submit</button>
        <p class="form__error margin-top-16">
           // TODO you can show the message here
        </p>
     </div>
     <div class="col-12 col-md-4"></div>
  </div>
</form>
<使用Js处理ajax提交

    $(form).on(\'submit\', function (event) {
    event.preventDefault(event)
    const email = $(`#auth-password-reset-email`).val()
    const security = $(`#security`).val()
    const action = \'authResetPassword\'
    var has_error = false;

    if (email.length <= 0) {
     // TODO
      has_error = true;
    }

    if (security.length <= 0) {
      // TODO
      has_error = true;
    }

    if (has_error == true) {
      // TODO
      return false
    }

    $.ajax({
      type: \'POST\',
      dataType: \'json\',
      url: ajax.ajaxurl,
      data: {  action, email, security },
      success: function (data) {
        if (data.status) {
           // TODO
        }
        if (!data.status) {
            // TODO
        }
      }
    })

    return false;
  })




try {
            check_ajax_referer(\'ajax-resetpassword-nonce\', \'security\');
            $response = [
                "status" => false,
                "error" => true,
                "data" => "",
            ];

            extract($_POST);

            $user_email = sanitize_text_field($email);
           
            $user = get_user_by( \'email\', $user_email );
            if( $user instanceof WP_User ) {
                $user_id = $user->ID;
                $user_info = get_userdata($user_id);
                $unique = get_password_reset_key( $user_info );
                $unique_url = network_site_url("wp-login.php?action=rp&key=$unique&login=" . rawurlencode($user_info->user_login), \'login\');
              
                $subject  = "Reset Password Link";
                $message = __(\'Someone requested that the password be reset for the following account:\') . "\\r\\n\\r\\n";
                $message  = "<p>Hi ".ucfirst( $user_info->first_name ).",</p>";
                $message .= network_home_url( \'/\' ) . "\\r\\n\\r\\n";
                $message .= sprintf(__(\'Username: %s\'), $user_info->user_login) . "\\r\\n\\r\\n";
                $message .= __(\'If this was a mistake, just ignore this email and nothing will happen.\') . "\\r\\n\\r\\n";
                $message .= __(\'To reset your password, visit the following address:\') . "\\r\\n\\r\\n";
                $message .=  $unique_url;

                wp_mail( $user_email, $subject, $message ); // TODO
                $response[\'data\'] = [ "message" =>  __(\'Password reset link sent.\'), \'reset_link\' => $unique_url ];
                wp_send_json($response);
            }

            $response[\'data\'] = [ "message" =>  __(\'Email address not exists.\') ];
            wp_send_json($response);


        } catch (Exception $e) {
            wp_send_json([
                "status" => false,
                "error" => false,
                "data" => ["message" => $e->getMessage() ]
            ]);
        }
注意:显示您自己的自定义重置密码表单

add_action( \'login_form_lostpassword\', \'redirect_to_custom_lostpassword\' );
function redirect_to_custom_lostpassword() {
  if ( \'GET\' == $_SERVER[\'REQUEST_METHOD\'] ) {
      if ( is_user_logged_in() ) {
         // TODO
          exit;
      }

      wp_redirect( home_url( \'custom-password-lost\' ) ); // TODO
      exit;
  }
}

SO网友:Hemeňdra Yadav

由于上述解决方案对我不起作用,我对bhavesh vala的代码做了一些小改动。

替换:

$key = wp_generate_password( 20, false );
使用此选项:

$key = get_password_reset_key( $user_data );
并且您不需要使用更新查询,因此请删除以下查询:

$wpdb->update( $wpdb->users, array( \'user_activation_key\' => time().":".$hashed ), array( \'user_login\' => $user_login ) );
快乐的编码!!!

SO网友:Ashok

试试这个

$wpdb->update( $wpdb->users, array( \'user_activation_key\' => $key ), array( \'user_login\' => $user_login ) );
而不是

$wpdb->update( $wpdb->users, array( \'user_activation_key\' => $hashed ), array( \'user_login\' => $user_login ) );
这对我很有用(wordpress 4.3.1)

结束
标签: php   pages   password   小码农  

相关推荐

通过JS实例化TinyMCE(而不是通过PHP/wp_EDITOR)

加载页面后,如何创建TinyMCE编辑器?放置wp_editor 调用AJAX请求,然后显示该请求,可以得到以下结果:视觉和文本选项卡没有功能,没有工具栏,没有活动的TinyMCE实例,只有html标记。我需要实例化TinyMCE的JS组件,但是如何实例化呢?我还尝试在AJAX响应中调用PHP_WP_Editors::editor_js();, 我可以使用console在控制台中看到响应。log,我在那里看到了JS脚本,但它没有插入到DOM中,也从未执行过