Correctly generate new passwords, added check for email address to slow down jerks.
git-svn-id: http://svn.automattic.com/wordpress/trunk@851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
bb09ce7e76
commit
51231afb16
14
wp-login.php
14
wp-login.php
|
@ -161,7 +161,7 @@ case 'lostpassword':
|
||||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||||
<head>
|
<head>
|
||||||
<title>WordPress > Lost password ?</title>
|
<title>WordPress › Lost password ?</title>
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
|
||||||
<link rel="stylesheet" href="<?php echo $siteurl; ?>/wp-admin/wp-admin.css" type="text/css" />
|
<link rel="stylesheet" href="<?php echo $siteurl; ?>/wp-admin/wp-admin.css" type="text/css" />
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
|
@ -176,14 +176,15 @@ case 'lostpassword':
|
||||||
|
|
||||||
|
|
||||||
<div id="login">
|
<div id="login">
|
||||||
<p>Type your login here and click OK. You will receive an email with your password.</p>
|
<p>Please enter your information here. We will send you a new password. </p>
|
||||||
<?php
|
<?php
|
||||||
if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br /> </div>";
|
if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br /> </div>";
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<form name="" action="wp-login.php" method="post" id="lostpass">
|
<form name="" action="wp-login.php" method="post" id="lostpass">
|
||||||
<input type="hidden" name="action" value="retrievepassword" />
|
<input type="hidden" name="action" value="retrievepassword" />
|
||||||
<label>Login: <input type="text" name="user_login" id="user_login" value="" size="12" /></label>
|
<label>Login: <input type="text" name="user_login" id="user_login" value="" size="12" /></label><br />
|
||||||
|
<label>Email: <input type="text" name="email" id="email" value="" size="12" /></label><br />
|
||||||
<input type="submit" name="Submit2" value="OK" class="search">
|
<input type="submit" name="Submit2" value="OK" class="search">
|
||||||
|
|
||||||
</form>
|
</form>
|
||||||
|
@ -202,9 +203,12 @@ case 'retrievepassword':
|
||||||
$user_login = $HTTP_POST_VARS["user_login"];
|
$user_login = $HTTP_POST_VARS["user_login"];
|
||||||
$user_data = get_userdatabylogin($user_login);
|
$user_data = get_userdatabylogin($user_login);
|
||||||
$user_email = $user_data->user_email;
|
$user_email = $user_data->user_email;
|
||||||
$user_pass = $user_data->user_pass;
|
|
||||||
|
|
||||||
if (!$user_email) die('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username?');
|
if (!$user_email || $user_email != $_POST['email']) die('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or email address? <a href="wp-login.php?action=lostpassword">Try again</a>.');
|
||||||
|
// Generate something random for a password... md5'ing current time with a rand salt
|
||||||
|
$user_pass = substr((MD5("time" . rand(1,16000))), 0, 6);
|
||||||
|
// now insert the new pass md5'd into the db
|
||||||
|
$wpdb->query("UPDATE wp_users SET user_pass = MD5('$user_pass') WHERE user_login = '$user_login'");
|
||||||
$message = "Login: $user_login\r\n";
|
$message = "Login: $user_login\r\n";
|
||||||
$message .= "Password: $user_pass\r\n";
|
$message .= "Password: $user_pass\r\n";
|
||||||
$message .= "Login at: $siteurl/wp-login.php";
|
$message .= "Login at: $siteurl/wp-login.php";
|
||||||
|
|
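Review bot: The replacement password in the `retrievepassword` branch is built with `MD5("time" . rand(1,16000))`, where `"time"` is a string literal rather than a call to `time()`, so at most 16000 distinct six-character values can ever be issued and `rand()` is not a cryptographic source. Take it from a CSPRNG instead, for example `$user_pass = bin2hex(random_bytes(8));` on a PHP version that provides it. The `UPDATE` a few lines later interpolates `$user_login` straight from `$HTTP_POST_VARS` into the SQL string; unless the value is escaped somewhere not visible in this hunk, it should be escaped or bound before it reaches `$wpdb->query()`. The email check compares the raw `$_POST['email']` with a loose `!=`, so a comment stating whether case and surrounding whitespace are meant to matter would help. The `case` body starts and continues outside the hunk.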