vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 22:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Expire password reset links after 24 hours (by default). This causes existing password reset links to become invalid.

Browse Source 
Props markjaquith, voldemortensen, johnbillion, MikeHansenMe, dd32
See #32429


git-svn-id: https://develop.svn.wordpress.org/trunk@33019 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dion Hulse
2015-07-01 06:32:07 +00:00
parent b04ea26df1
commit 5b58664439
3 changed files with 159 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/wp-login.php
View File

@@ -363,7 +363,7 @@ function retrieve_password() {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
$hashed = $wp_hasher->HashPassword( $key );
$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
$wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
@@ -528,10 +528,11 @@ case 'retrievepassword' :
}
if ( isset( $_GET['error'] ) ) {
if ( 'invalidkey' == $_GET['error'] )
$errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) );
elseif ( 'expiredkey' == $_GET['error'] )
$errors->add( 'expiredkey', __( 'Sorry, that key has expired. Please try again.' ) );
if ( 'invalidkey' == $_GET['error'] ) {
$errors->add( 'invalidkey', __( 'Your password reset link appears to be invalid. Please request a new lnk below.' ) );
} elseif ( 'expiredkey' == $_GET['error'] ) {
$errors->add( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.' ) );
}
}
$lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';