woocommerce/shortcodes/shortcode-lost_password.php


<?php
/**
* Lost Password Shortcode
*
* Displays the lost password / reset password forms
*
* @author WooThemes
* @category Shortcodes
* @package WooCommerce/Shortcodes/Lost Password
* @version 2.0.0
*/
/**
 * Return the lost password shortcode output as a string.
 *
 * Hands the name of woocommerce_lost_password() to the global WooCommerce
 * object's shortcode_wrapper() and returns whatever that produces.
 *
 * @access public
 * @return string
 */
function get_woocommerce_lost_password() {
	global $woocommerce;

	$markup = $woocommerce->shortcode_wrapper( 'woocommerce_lost_password' );

	return $markup;
}
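/**
 * Output the lost password shortcode.
 *
 * Handles three kinds of request on the same page and then renders the
 * myaccount/form-lost-password.php template:
 *  - POST user_login: ask for a reset e-mail;
 *  - GET key + login: validate the e-mailed link and show the reset form;
 *  - POST password_1 / password_2 / reset_key / reset_login: set the new password.
 *
 * @access public
 * @return void
 */
function woocommerce_lost_password() {
	global $woocommerce;

	// NOTE(review): presumably keeps this page (which can carry a reset key) out of caches - confirm.
	$woocommerce->nocache();

	global $post;

	// arguments to pass to template
	$args = array( 'form' => 'lost_password' );

	// process lost password form
	if ( isset( $_POST['user_login'] ) ) {
		// NOTE(review): the result of verify_nonce() is not inspected here. The request is
		// only stopped if verify_nonce() records an error that the error_count() check in
		// woocommerce_retrieve_password() then picks up - confirm that it does.
		$woocommerce->verify_nonce( 'lost_password' );
		woocommerce_retrieve_password();
	}

	// process reset key / login from email confirmation link
	if ( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {
		$user = woocommerce_check_password_reset_key( $_GET['key'], $_GET['login'] );

		// reset key / login is correct, display reset password form with hidden key / login values
		if ( is_object( $user ) ) {
			$args['form']  = 'reset_password';
			$args['key']   = esc_attr( $_GET['key'] );
			$args['login'] = esc_attr( $_GET['login'] );
		}
	}

	// process reset password form
	if ( isset( $_POST['password_1'] ) && isset( $_POST['password_2'] ) && isset( $_POST['reset_key'] ) && isset( $_POST['reset_login'] ) ) {

		// verify reset key again: the hidden form fields are client-controlled
		$user = woocommerce_check_password_reset_key( $_POST['reset_key'], $_POST['reset_login'] );

		if ( is_object( $user ) ) {

			// save these values into the form again in case of errors
			$args['key']   = esc_attr( $_POST['reset_key'] );
			$args['login'] = esc_attr( $_POST['reset_login'] );

			// NOTE(review): as above, the return value is ignored; the reset below is only
			// blocked if verify_nonce() adds an error - confirm.
			$woocommerce->verify_nonce( 'reset_password' );

			$password_1 = $_POST['password_1'];
			$password_2 = $_POST['password_2'];

			// Array-valued fields (password_1[]=...) are rejected here instead of being
			// cast to a string further down.
			$both_strings = is_string( $password_1 ) && is_string( $password_2 );

			if ( ! $both_strings || empty( $password_1 ) || empty( $password_2 ) ) {
				$woocommerce->add_error( __( 'Please enter your password.', 'woocommerce' ) );
				$args['form'] = 'reset_password';
			}

			if ( $password_1 !== $password_2 ) {
				$woocommerce->add_error( __( 'Passwords do not match.', 'woocommerce' ) );
				$args['form'] = 'reset_password';
			}

			if ( 0 == $woocommerce->error_count() && $both_strings && $password_1 === $password_2 ) {

				// The password is passed on as submitted. esc_attr() is an HTML output
				// escaper; applying it before hashing stored a different password from the
				// one typed whenever it contained & < > " or '.
				woocommerce_reset_password( $user, $password_1 );

				do_action( 'woocommerce_customer_reset_password', $user );

				$woocommerce->add_message( __( 'Your password has been reset.', 'woocommerce' ) . ' <a href="' . get_permalink( woocommerce_get_page_id( 'myaccount' ) ) . '">' . __( 'Log in', 'woocommerce' ) . '</a>' );
			}
		}
	}

	woocommerce_get_template( 'myaccount/form-lost-password.php', $args );
}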
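/**
 * Handles sending password retrieval email to customer.
 *
 * Reads the account identifier from $_POST['user_login'], looks the user up by
 * e-mail or login, makes sure a reset key exists in the user's
 * user_activation_key column and fires the
 * 'woocommerce_reset_password_notification' action with that key.
 *
 * @access public
 * @uses $wpdb WordPress Database object
 * @return bool True once the notification action has been fired, false on any error.
 */
function woocommerce_retrieve_password() {
	global $woocommerce, $wpdb;

	// Defined up front so the later check never reads an unset variable.
	$user_data = false;

	// Only a string is usable here; an array-valued field is treated like an empty one.
	$submitted = ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) ? $_POST['user_login'] : '';

	if ( empty( $submitted ) ) {

		$woocommerce->add_error( __( 'Enter a username or e-mail address.', 'woocommerce' ) );

	} elseif ( strpos( $submitted, '@' ) ) {

		// strpos() is 0 (falsy) for a leading '@', so such input goes to the login lookup below.
		$user_data = get_user_by( 'email', trim( $submitted ) );

		if ( empty( $user_data ) ) {
			$woocommerce->add_error( __( 'There is no user registered with that email address.', 'woocommerce' ) );
		}

	} else {

		$login     = trim( $submitted );
		$user_data = get_user_by( 'login', $login );
	}

	// NOTE(review): the distinct "no user registered" / "Invalid username" errors versus the
	// success message let a requester learn whether an account exists. A uniform response
	// would avoid that but changes user-facing text, so it is left as is.

	do_action( 'lostpassword_post' );

	// Also catches errors recorded before this function ran (e.g. by the caller).
	if ( $woocommerce->error_count() > 0 ) {
		return false;
	}

	if ( ! $user_data ) {
		$woocommerce->add_error( __( 'Invalid username or e-mail.', 'woocommerce' ) );
		return false;
	}

	// redefining user_login ensures we return the right case in the email
	$user_login = $user_data->user_login;
	$user_email = $user_data->user_email;

	do_action( 'retrieve_password', $user_login );

	$allow = apply_filters( 'allow_password_reset', true, $user_data->ID );

	if ( ! $allow ) {

		$woocommerce->add_error( __( 'Password reset is not allowed for this user') );
		return false;

	} elseif ( is_wp_error( $allow ) ) {

		// get_error_message() has to be called; without the parentheses this read a
		// property of that name and the filter's message was lost.
		$woocommerce->add_error( $allow->get_error_message() );
		return false;
	}

	$key = $wpdb->get_var( $wpdb->prepare( "SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login ) );

	if ( empty( $key ) ) {

		// Generate something random for a key...
		$key = wp_generate_password( 20, false );

		do_action( 'retrieve_password_key', $user_login, $key );

		// Store the key exactly as generated (it is not hashed here).
		// NOTE(review): an existing key is reused as-is and nothing in this function expires
		// it, so anyone able to read this column holds a usable reset key. Consider storing a
		// hash plus an issue time - this needs a matching change in the key check.
		$wpdb->update( $wpdb->users, array( 'user_activation_key' => $key ), array( 'user_login' => $user_login ) );
	}

	// Send email notification
	// NOTE(review): $mailer is not used below; presumably creating the mailer is what
	// registers the handler for the notification action - confirm before removing.
	$mailer = $woocommerce->mailer();

	do_action( 'woocommerce_reset_password_notification', $user_login, $key );

	$woocommerce->add_message( __( 'Check your e-mail for the confirmation link.' ) );

	return true;
}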
/**
 * Look up the user row that matches a password reset key and login.
 *
 * The key is reduced to ASCII letters and digits before use. Any failure
 * (unusable key, unusable login, no matching row) records the same
 * 'Invalid key' error on the WooCommerce object and returns false.
 *
 * @uses $wpdb WordPress Database object
 *
 * @access public
 * @param string $key Reset key as received from the link or the reset form
 * @param string $login The user login
 * @return object|bool User's database row on success, false for invalid keys
 */
function woocommerce_check_password_reset_key( $key, $login ) {
	global $woocommerce, $wpdb;

	// Drop everything except a-z, A-Z and 0-9.
	$key = preg_replace( '/[^a-z0-9]/i', '', $key );

	$key_usable   = is_string( $key ) && ! empty( $key );
	$login_usable = is_string( $login ) && ! empty( $login );

	$user = null;

	if ( $key_usable && $login_usable ) {
		// Both values are bound through prepare(); key and login have to match the same row.
		// NOTE(review): the key is matched inside the SQL query, so comparison semantics
		// (e.g. case sensitivity) follow the column's collation, and nothing here checks
		// the key's age - confirm both against the schema and the code that issues keys.
		$query = $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login );
		$user  = $wpdb->get_row( $query );
	}

	// One generic message for every failure, so the response does not say which part was wrong.
	if ( empty( $user ) ) {
		$woocommerce->add_error( __( 'Invalid key', 'woocommerce' ) );
		return false;
	}

	return $user;
}
/**
 * Set a new password for the given user.
 *
 * Fires the 'password_reset' action, stores the password through
 * wp_set_password() and then calls wp_password_change_notification().
 *
 * @access public
 * @param object $user The user
 * @param string $new_pass New password for the user in plaintext
 * @return void
 */
function woocommerce_reset_password( $user, $new_pass ) {
	// Every callback on this action receives the plaintext password.
	do_action( 'password_reset', $user, $new_pass );

	$user_id = $user->ID;
	wp_set_password( $new_pass, $user_id );

	wp_password_change_notification( $user );
}