Last active
February 26, 2018 19:58
-
-
Save gicolek/f6ae1237ee8d48512748 to your computer and use it in GitHub Desktop.
Gravity Forms Recover Password Submission Hook 1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| add_action( "gform_pre_submission_2", "wp_doin_pre_submission_2" ); | |
| /** | |
| * | |
| * @param type $form | |
| * @return type | |
| */ | |
| function wp_doin_pre_submission_2($form) { | |
| global $wpdb, $wp_hasher; | |
| // get the submitted value | |
| $email_or_username = $_POST['input_1']; | |
| // let's check if the user has provided email or username | |
| if ( strpos( $email_or_username, '@' ) ) { | |
| $email = sanitize_email( $email_or_username ); | |
| $user_data = get_user_by( 'email', $email ); | |
| } else { | |
| $username = esc_attr( $email_or_username ); | |
| $user_data = get_user_by( 'login', $username ); | |
| } | |
| // Redefining user_login ensures we return the right case in the email. | |
| $user_login = $user_data->user_login; | |
| $user_email = $user_data->user_email; | |
| $key = wp_generate_password( 20, false ); | |
| // Now insert the key, hashed, into the DB. | |
| if ( empty( $wp_hasher ) ) { | |
| require_once ABSPATH . WPINC . '/class-phpass.php'; | |
| $wp_hasher = new PasswordHash( 8, true ); | |
| } | |
| // obtain new hashed password | |
| $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); | |
| // update user with new activation key | |
| $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) ); | |
| // construct the email message for the user | |
| $message = __( 'Someone requested that the password be reset for the following account:' ) . "\r\n\r\n"; | |
| $message .= network_home_url( '/' ) . "\r\n\r\n"; | |
| $message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n\r\n"; | |
| $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n"; | |
| $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n"; | |
| $message .= '<' . network_site_url( "/recover-password/?action=rp&method=gf&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . ">\r\n"; | |
| if ( is_multisite() ) { | |
| $blogname = $GLOBALS['current_site']->site_name; | |
| } else { | |
| /* | |
| * The blogname option is escaped with esc_html on the way into the database | |
| * in sanitize_option we want to reverse this for the plain text arena of emails. | |
| */ | |
| $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); | |
| } | |
| $title = sprintf( __( '[%s] Password Reset' ), $blogname ); | |
| /** | |
| * Filter the subject of the password reset email. | |
| * | |
| * @since 2.8.0 | |
| * | |
| * @param string $title Default email title. | |
| */ | |
| $title = apply_filters( 'retrieve_password_title', $title ); | |
| /** | |
| * Filter the message body of the password reset mail. | |
| * | |
| * @since 2.8.0 | |
| * @since 4.1.0 Added `$user_login` and `$user_data` parameters. | |
| * | |
| * @param string $message Default mail message. | |
| * @param string $key The activation key. | |
| * @param string $user_login The username for the user. | |
| * @param WP_User $user_data WP_User object. | |
| */ | |
| $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); | |
| if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) | |
| wp_die( __( 'The e-mail could not be sent.' ) . "<br />\n" . __( 'Possible reason: your host may have disabled the mail() function.' ) ); | |
| return; | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment