woocommerce/shortcodes/shortcode-lost_password.php

<?php
/**
 * Lost Password Shortcode
 *
 * Displays the lost password / reset password forms
 *
 * @author 		WooThemes
 * @category 	Shortcodes
 * @package 	WooCommerce/Shortcodes/Lost Password
 * @version     1.7.0
 */

/**
 * Get the lost password shortcode content.
 *
 * @access public
 * @return string
 */
function get_woocommerce_lost_password() {
	global $woocommerce;
	return $woocommerce->shortcode_wrapper( 'woocommerce_lost_password' );
}

/**
 * Output the lost password shortcode.
 *
 * @access public
 * @return void
 */
function woocommerce_lost_password() {
	global $woocommerce;

	$woocommerce->nocache();

	global $post;

	// arguments to pass to template
	$args = array( 'form' => 'lost_password' );

	// process lost password form
	if( isset( $_POST['user_login'] ) ) {

		$woocommerce->verify_nonce( 'lost_password' );

		woocommerce_retrieve_password();
	}

	// process reset key / login from email confirmation link
	if( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {

		$user = woocommerce_check_password_reset_key( $_GET['key'], $_GET['login'] );

		// reset key / login is correct, display reset password form with hidden key / login values
		if( is_object( $user ) ) {
			$args['form'] = 'reset_password';
			$args['key'] = esc_attr( $_GET['key'] );
			$args['login'] = esc_attr( $_GET['login'] );
		}
	}

	// process reset password form
	if( isset( $_POST['password_1'] ) && isset( $_POST['password_2'] ) && isset( $_POST['reset_key'] ) && isset( $_POST['reset_login'] ) ) :

		// verify reset key again
		$user = woocommerce_check_password_reset_key( $_POST['reset_key'], $_POST['reset_login'] );

		if( is_object( $user ) ) {

			// save these values into the form again in case of errors
			$args['key'] = esc_attr( $_POST['reset_key'] );
			$args['login'] = esc_attr( $_POST['reset_login'] );

			$woocommerce->verify_nonce( 'reset_password' );

			if( empty( $_POST['password_1'] ) || empty( $_POST['password_2'] ) ) {
				$woocommerce->add_error( __( 'Please enter your password.', 'woocommerce' ) );
				$args['form'] = 'reset_password';
			}

			if( $_POST[ 'password_1' ] !== $_POST[ 'password_2' ] ) {
				$woocommerce->add_error( __('Passwords do not match.', 'woocommerce') );
				$args['form'] = 'reset_password';
			}

			if( 0 == $woocommerce->error_count() && ( $_POST['password_1'] == $_POST['password_2'] ) ) {

				woocommerce_reset_password( $user, esc_attr( $_POST['password_1'] ) );

				do_action( 'woocommerce_customer_reset_password', $user );

				$woocommerce->add_message( __( 'Your password has been reset.', 'woocommerce' ) . ' <a href="' . get_permalink( woocommerce_get_page_id( 'myaccount' ) ) . '">' . __( 'Log in', 'woocommerce' ) . '</a>' );
			}
		}

	endif;

	woocommerce_get_template( 'myaccount/form-lost-password.php', $args );
}

/**
 * Handles sending password retrieval email to customer.
 *
 * @access public
 * @uses $wpdb WordPress Database object
 * @return bool True: when finish. False: on error
 */
function woocommerce_retrieve_password() {
	global $woocommerce,$wpdb;

	if ( empty( $_POST['user_login'] ) ) {

		$woocommerce->add_error( __( 'Enter a username or e-mail address.', 'woocommerce' ) );

	} elseif ( strpos( $_POST['user_login'], '@' ) ) {

		$user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );

		if ( empty( $user_data ) )
			$woocommerce->add_error( __( 'There is no user registered with that email address.', 'woocommerce' ) );

	} else {

		$login = trim( $_POST['user_login'] );

		$user_data = get_user_by('login', $login );
	}

	do_action('lostpassword_post');

	if( $woocommerce->error_count() > 0 )
		return false;

	if ( ! $user_data ) {
		$woocommerce->add_error( __( 'Invalid username or e-mail.', 'woocommerce' ) );
		return false;
	}

	// redefining user_login ensures we return the right case in the email
	$user_login = $user_data->user_login;
	$user_email = $user_data->user_email;

	do_action('retrieve_password', $user_login);

	$allow = apply_filters('allow_password_reset', true, $user_data->ID);

	if ( ! $allow ) {

		$woocommerce->add_error( __( 'Password reset is not allowed for this user') );

		return false;

	} elseif ( is_wp_error( $allow ) ) {

		$woocommerce->add_error( $allow->get_error_message );

		return false;
	}

	$key = $wpdb->get_var( $wpdb->prepare( "SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login ) );

	if ( empty( $key ) ) {

		// Generate something random for a key...
		$key = wp_generate_password( 20, false );

		do_action('retrieve_password_key', $user_login, $key);

		// Now insert the new md5 key into the db
		$wpdb->update( $wpdb->users, array( 'user_activation_key' => $key ), array( 'user_login' => $user_login ) );
	}

	// Send email notification
	$mailer = $woocommerce->mailer();
	do_action( 'woocommerce_reset_password_notification', $user_login, $key );

	$woocommerce->add_message( __( 'Check your e-mail for the confirmation link.' ) );
	return true;
}

/**
 * Retrieves a user row based on password reset key and login
 *
 * @uses $wpdb WordPress Database object
 *
 * @access public
 * @param string $key Hash to validate sending user's password
 * @param string $login The user login
 * @return object|bool User's database row on success, false for invalid keys
 */
function woocommerce_check_password_reset_key( $key, $login ) {
	global $woocommerce,$wpdb;

	$key = preg_replace( '/[^a-z0-9]/i', '', $key );

	if ( empty( $key ) || ! is_string( $key ) ) {
		$woocommerce->add_error( __( 'Invalid key', 'woocommerce' ) );
		return false;
	}

	if ( empty( $login ) || ! is_string( $login ) ) {
		$woocommerce->add_error( __( 'Invalid key', 'woocommerce' ) );
		return false;
	}

	$user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login ) );

	if ( empty( $user ) ) {
		$woocommerce->add_error( __( 'Invalid key', 'woocommerce' ) );
		return false;
	}

	return $user;
}

/**
 * Handles resetting the user's password.
 *
 * @access public
 * @param object $user The user
 * @param string $new_pass New password for the user in plaintext
 * @return void
 */
function woocommerce_reset_password( $user, $new_pass ) {
	do_action( 'password_reset', $user, $new_pass );

	wp_set_password( $new_pass, $user->ID );

	wp_password_change_notification( $user );
}
added lost password shortcode / email notification I think the current process for a customer to reset their password is jarring, especially if the shop hasn't styled the wordpress login form to match their branding. The form process is mainly copied from the same process in wp-login.php and fires the same actions to maintain compatibility. 2012-10-04 18:51:07 +00:00			`<?php`
			`/**`
			`* Lost Password Shortcode`
			`*`
			`* Displays the lost password / reset password forms`
			`*`
			`* @author WooThemes`
			`* @category Shortcodes`
			`* @package WooCommerce/Shortcodes/Lost Password`
			`* @version 1.7.0`
			`*/`

			`/**`
			`* Get the lost password shortcode content.`
			`*`
			`* @access public`
			`* @return string`
			`*/`
			`function get_woocommerce_lost_password() {`
			`global $woocommerce;`
			`return $woocommerce->shortcode_wrapper( 'woocommerce_lost_password' );`
			`}`

			`/**`
			`* Output the lost password shortcode.`
			`*`
			`* @access public`
			`* @return void`
			`*/`
			`function woocommerce_lost_password() {`
			`global $woocommerce;`

			`$woocommerce->nocache();`

			`global $post;`

			`// arguments to pass to template`
			`$args = array( 'form' => 'lost_password' );`

			`// process lost password form`
			`if( isset( $_POST['user_login'] ) ) {`

			`$woocommerce->verify_nonce( 'lost_password' );`

			`woocommerce_retrieve_password();`
			`}`

			`// process reset key / login from email confirmation link`
			`if( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {`

			`$user = woocommerce_check_password_reset_key( $_GET['key'], $_GET['login'] );`

			`// reset key / login is correct, display reset password form with hidden key / login values`
			`if( is_object( $user ) ) {`
			`$args['form'] = 'reset_password';`
			`$args['key'] = esc_attr( $_GET['key'] );`
			`$args['login'] = esc_attr( $_GET['login'] );`
			`}`
			`}`

			`// process reset password form`
			`if( isset( $_POST['password_1'] ) && isset( $_POST['password_2'] ) && isset( $_POST['reset_key'] ) && isset( $_POST['reset_login'] ) ) :`

			`// verify reset key again`
			`$user = woocommerce_check_password_reset_key( $_POST['reset_key'], $_POST['reset_login'] );`

			`if( is_object( $user ) ) {`

			`// save these values into the form again in case of errors`
			`$args['key'] = esc_attr( $_POST['reset_key'] );`
			`$args['login'] = esc_attr( $_POST['reset_login'] );`

			`$woocommerce->verify_nonce( 'reset_password' );`

			`if( empty( $_POST['password_1'] ) \|\| empty( $_POST['password_2'] ) ) {`
			`$woocommerce->add_error( __( 'Please enter your password.', 'woocommerce' ) );`
			`$args['form'] = 'reset_password';`
			`}`

			`if( $_POST[ 'password_1' ] !== $_POST[ 'password_2' ] ) {`
			`$woocommerce->add_error( __('Passwords do not match.', 'woocommerce') );`
			`$args['form'] = 'reset_password';`
			`}`

			`if( 0 == $woocommerce->error_count() && ( $_POST['password_1'] == $_POST['password_2'] ) ) {`

			`woocommerce_reset_password( $user, esc_attr( $_POST['password_1'] ) );`

			`do_action( 'woocommerce_customer_reset_password', $user );`

			`$woocommerce->add_message( __( 'Your password has been reset.', 'woocommerce' ) . ' <a href="' . get_permalink( woocommerce_get_page_id( 'myaccount' ) ) . '">' . __( 'Log in', 'woocommerce' ) . '</a>' );`
			`}`
			`}`

			`endif;`

			`woocommerce_get_template( 'myaccount/form-lost-password.php', $args );`
			`}`

			`/**`
			`* Handles sending password retrieval email to customer.`
			`*`
			`* @access public`
			`* @uses $wpdb WordPress Database object`
			`* @return bool True: when finish. False: on error`
			`*/`
			`function woocommerce_retrieve_password() {`
			`global $woocommerce,$wpdb;`

			`if ( empty( $_POST['user_login'] ) ) {`

			`$woocommerce->add_error( __( 'Enter a username or e-mail address.', 'woocommerce' ) );`

			`} elseif ( strpos( $_POST['user_login'], '@' ) ) {`

			`$user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );`

			`if ( empty( $user_data ) )`
			`$woocommerce->add_error( __( 'There is no user registered with that email address.', 'woocommerce' ) );`

			`} else {`

			`$login = trim( $_POST['user_login'] );`

			`$user_data = get_user_by('login', $login );`
			`}`

			`do_action('lostpassword_post');`

			`if( $woocommerce->error_count() > 0 )`
			`return false;`

			`if ( ! $user_data ) {`
			`$woocommerce->add_error( __( 'Invalid username or e-mail.', 'woocommerce' ) );`
			`return false;`
			`}`

			`// redefining user_login ensures we return the right case in the email`
			`$user_login = $user_data->user_login;`
			`$user_email = $user_data->user_email;`

			`do_action('retrieve_password', $user_login);`

			`$allow = apply_filters('allow_password_reset', true, $user_data->ID);`

			`if ( ! $allow ) {`

			`$woocommerce->add_error( __( 'Password reset is not allowed for this user') );`

			`return false;`

			`} elseif ( is_wp_error( $allow ) ) {`

			`$woocommerce->add_error( $allow->get_error_message );`

			`return false;`
			`}`

			`$key = $wpdb->get_var( $wpdb->prepare( "SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login ) );`

			`if ( empty( $key ) ) {`

			`// Generate something random for a key...`
			`$key = wp_generate_password( 20, false );`

			`do_action('retrieve_password_key', $user_login, $key);`

			`// Now insert the new md5 key into the db`
			`$wpdb->update( $wpdb->users, array( 'user_activation_key' => $key ), array( 'user_login' => $user_login ) );`
			`}`

			`// Send email notification`
			`$mailer = $woocommerce->mailer();`
			`do_action( 'woocommerce_reset_password_notification', $user_login, $key );`

			`$woocommerce->add_message( __( 'Check your e-mail for the confirmation link.' ) );`
			`return true;`
			`}`

			`/**`
			`* Retrieves a user row based on password reset key and login`
			`*`
			`* @uses $wpdb WordPress Database object`
			`*`
			`* @access public`
			`* @param string $key Hash to validate sending user's password`
			`* @param string $login The user login`
			`* @return object\|bool User's database row on success, false for invalid keys`
			`*/`
			`function woocommerce_check_password_reset_key( $key, $login ) {`
			`global $woocommerce,$wpdb;`

			`$key = preg_replace( '/[^a-z0-9]/i', '', $key );`

			`if ( empty( $key ) \|\| ! is_string( $key ) ) {`
			`$woocommerce->add_error( __( 'Invalid key', 'woocommerce' ) );`
			`return false;`
			`}`

			`if ( empty( $login ) \|\| ! is_string( $login ) ) {`
			`$woocommerce->add_error( __( 'Invalid key', 'woocommerce' ) );`
			`return false;`
			`}`

			`$user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login ) );`

			`if ( empty( $user ) ) {`
			`$woocommerce->add_error( __( 'Invalid key', 'woocommerce' ) );`
			`return false;`
			`}`

			`return $user;`
			`}`

			`/**`
			`* Handles resetting the user's password.`
			`*`
			`* @access public`
			`* @param object $user The user`
			`* @param string $new_pass New password for the user in plaintext`
			`* @return void`
			`*/`
			`function woocommerce_reset_password( $user, $new_pass ) {`
			`do_action( 'password_reset', $user, $new_pass );`

			`wp_set_password( $new_pass, $user->ID );`

			`wp_password_change_notification( $user );`
			`}`