Merge pull request #11244 from woothemes/password-reset-flow
Password resets with cookies
This commit is contained in:
Mike Jolley
GitHub
commit
ccd6389ecc
|
|
@ -19,6 +19,7 @@ class WC_Form_Handler {
|
|||
* Hook in methods.
|
||||
*/
|
||||
public static function init() {
|
||||
add_action( 'template_redirect', array( __CLASS__, 'redirect_reset_password_link' ) );
|
||||
add_action( 'template_redirect', array( __CLASS__, 'save_address' ) );
|
||||
add_action( 'template_redirect', array( __CLASS__, 'save_account_details' ) );
|
||||
add_action( 'wp_loaded', array( __CLASS__, 'checkout_action' ), 20 );
|
||||
|
|
@ -38,6 +39,19 @@ class WC_Form_Handler {
|
|||
add_action( 'wp', array( __CLASS__, 'set_default_payment_method_action' ), 20 );
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove key and login from querystring, set cookie, and redirect to account page to show the form.
|
||||
*/
|
||||
public static function redirect_reset_password_link() {
|
||||
if ( is_account_page() && ! empty( $_GET['key'] ) && ! empty( $_GET['login'] ) ) {
|
||||
$value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
|
||||
WC_Shortcode_My_Account::set_reset_password_cookie( $value );
|
||||
|
||||
wp_safe_redirect( add_query_arg( 'show-reset-form', 'true', wc_lostpassword_url() ) );
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Save and and update a billing or shipping address if the
|
||||
* form was submitted through the user account page.
|
||||
|
|
|
|||
|
|
@ -182,32 +182,36 @@ class WC_Shortcode_My_Account {
|
|||
* Lost password page handling.
|
||||
*/
|
||||
public static function lost_password() {
|
||||
/**
|
||||
* Process reset key / login from email confirmation link
|
||||
*/
|
||||
if ( ! empty( $_GET['key'] ) && ! empty( $_GET['login'] ) ) {
|
||||
|
||||
$user = self::check_password_reset_key( $_GET['key'], $_GET['login'] );
|
||||
|
||||
// reset key / login is correct, display reset password form with hidden key / login values
|
||||
if ( is_object( $user ) ) {
|
||||
return wc_get_template( 'myaccount/form-reset-password.php', array(
|
||||
'key' => wc_clean( $_GET['key'] ),
|
||||
'login' => wc_clean( $_GET['login'] ),
|
||||
) );
|
||||
}
|
||||
|
||||
/**
|
||||
* After sending the reset link, don't show the form again.
|
||||
*/
|
||||
} elseif ( ! empty( $_GET['reset-link-sent'] ) ) {
|
||||
if ( ! empty( $_GET['reset-link-sent'] ) ) {
|
||||
return wc_get_template( 'myaccount/lost-password-confirmation.php' );
|
||||
|
||||
/**
|
||||
* After reset, show confirmation message.
|
||||
*/
|
||||
} elseif ( ! empty( $_GET['reset'] ) ) {
|
||||
} elseif ( ! empty( $_GET['reset'] ) ) {
|
||||
wc_add_notice( __( 'Your password has been reset.', 'woocommerce' ) . ' <a class="button" href="' . esc_url( wc_get_page_permalink( 'myaccount' ) ) . '">' . __( 'Log in', 'woocommerce' ) . '</a>' );
|
||||
|
||||
/**
|
||||
* Process reset key / login from email confirmation link
|
||||
*/
|
||||
} elseif ( ! empty( $_GET['show-reset-form'] ) ) {
|
||||
if ( isset( $_COOKIE[ 'wp-resetpass-' . COOKIEHASH ] ) && 0 < strpos( $_COOKIE[ 'wp-resetpass-' . COOKIEHASH ], ':' ) ) {
|
||||
list( $rp_login, $rp_key ) = array_map( 'wc_clean', explode( ':', wp_unslash( $_COOKIE[ 'wp-resetpass-' . COOKIEHASH ] ), 2 ) );
|
||||
$user = self::check_password_reset_key( $rp_key, $rp_login );
|
||||
|
||||
// reset key / login is correct, display reset password form with hidden key / login values
|
||||
if ( is_object( $user ) ) {
|
||||
return wc_get_template( 'myaccount/form-reset-password.php', array(
|
||||
'key' => $rp_key,
|
||||
'login' => $rp_login,
|
||||
) );
|
||||
} else {
|
||||
self::set_reset_password_cookie();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Show lost password form by default
|
||||
|
|
@ -348,10 +352,25 @@ class WC_Shortcode_My_Account {
|
|||
do_action( 'password_reset', $user, $new_pass );
|
||||
|
||||
wp_set_password( $new_pass, $user->ID );
|
||||
self::set_reset_password_cookie();
|
||||
|
||||
wp_password_change_notification( $user );
|
||||
}
|
||||
|
||||
/**
|
||||
* Set or unset the cookie.
|
||||
*/
|
||||
public static function set_reset_password_cookie( $value = '' ) {
|
||||
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
|
||||
$rp_path = current( explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
|
||||
|
||||
if ( $value ) {
|
||||
setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
|
||||
} else {
|
||||
setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Show the add payment method page.
|
||||
*/
|
||||
|
|
|
|||
Loading…
Reference in New Issue