LLMS_Controller_Account::lost_password()
Handle form submission of the Lost Password form
Description
This is the form that sends a password recovery email with a link to reset the password.
Return
(null|WP_Error|true) null when nonce cannot be verified. WP_Error when an error is encountered. true on success.
Source
File: includes/forms/controllers/class.llms.controller.account.php
/**
 * Process a submission of the Lost Password form.
 *
 * Looks up the account for the submitted login, generates a password reset key and
 * sends the password recovery email containing the reset link.
 *
 * @since 3.35.0
 * @since 3.37.17 Refactored for readability and added new hooks.
 * @since 4.21.3 Increase 3rd party support for WP core hooks.
 * @since 5.9.0 Stop using deprecated FILTER_SANITIZE_STRING.
 *
 * @return null|WP_Error|true `null` when the nonce cannot be verified, a `WP_Error` when an
 *                            error is encountered, `true` on success.
 */
public function lost_password() {

	// The nonce check is both the "was this form submitted" test and the CSRF guard.
	// Nothing below (hooks, `$_POST` changes, lookups) runs unless it passes.
	$nonce_ok = llms_verify_nonce( '_lost_password_nonce', 'llms_lost_password', 'POST' );
	if ( ! $nonce_ok ) {
		return null;
	}

	/**
	 * Fire an action immediately prior to the lost password form submission processing.
	 *
	 * @since 3.37.17
	 */
	do_action( 'llms_before_lost_password_form_submit' );

	$errors          = new WP_Error();
	$account         = false;
	$submitted_login = llms_filter_input_sanitize_string( INPUT_POST, 'llms_login' );

	if ( ! empty( $submitted_login ) ) {

		// strpos() is evaluated for truthiness: an "@" at offset 0 is falsy, so such a value
		// is looked up as a username rather than as an e-mail address.
		if ( strpos( $submitted_login, '@' ) ) {
			$lookup_by = 'email';
		} else {
			$lookup_by = 'login';
		}

		$account = get_user_by( $lookup_by, $submitted_login );

		if ( ! $account ) {
			// NOTE(review): this message differs from the success notice, so the response shows
			// whether the submitted login matches an account. No throttling is visible in this
			// method; it is left to code hooked on `lostpassword_post`. Confirm that is acceptable.
			$errors->add( 'llms_pass_reset_invalid_login', __( 'Invalid username or e-mail address.', 'lifterlms' ) );
		}
	} else {
		// A login (username or e-mail address) is mandatory.
		$errors->add( 'llms_pass_reset_missing_login', __( 'Enter a username or e-mail address.', 'lifterlms' ) );
	}

	/**
	 * Keep 3rd parties working when they read the posted login instead of the 2nd param of `lostpassword_post`.
	 *
	 * This specifically adds support for WordFence's "max allowed password resets" under brute force protection, but
	 * might be useful in other scenarios.
	 *
	 * The superglobal is overwritten with the sanitized value read above.
	 */
	$_POST['user_login'] = $submitted_login;

	/**
	 * Fires before errors are returned from a password reset request.
	 *
	 * Mimics WordPress core behavior so 3rd parties don't need to add special handlers for LifterLMS
	 * password reset flows.
	 *
	 * @since 3.37.17
	 *
	 * @link https://developer.wordpress.org/reference/hooks/lostpassword_post/
	 *
	 * @param WP_Error      $errors  A WP_Error object containing any errors generated by using invalid credentials.
	 * @param WP_User|false $account WP_User object if found, false if the user does not exist.
	 */
	do_action( 'lostpassword_post', $errors, $account );

	// Hooked code may have added errors of its own (the object is passed to the action above),
	// so the check happens after the action: surface every message and stop.
	if ( ! empty( $errors->errors ) ) { // @todo: When we can drop support for WP 5.0 and earlier we can switch to $errors->has_errors().
		foreach ( $errors->get_error_messages() as $notice_text ) {
			llms_add_notice( $notice_text, 'error' );
		}
		return $errors;
	}

	// Generate the reset key. It is a credential: it is only handed to the mailer below and
	// never placed in a notice. A WP_Error result is shown to the user and returned as-is.
	$reset_key = get_password_reset_key( $account );
	if ( is_wp_error( $reset_key ) ) {
		llms_add_notice( $reset_key->get_error_message(), 'error' );
		return $reset_key;
	}

	// Show the user the same identifier type they submitted.
	if ( 'email' === $lookup_by ) {
		$login_display = $account->user_email;
	} else {
		$login_display = $account->user_login;
	}

	$message = llms()->mailer()->get_email(
		'reset_password',
		array(
			'key'           => $reset_key,
			'user'          => $account,
			'login_display' => $login_display,
		)
	);

	// Email built and sent: report success.
	if ( $message && $message->send() ) {
		llms_add_notice( __( 'Check your e-mail for the confirmation link.', 'lifterlms' ) );
		return true;
	}

	// The email could not be generated or could not be sent.
	$errors->add( 'llms_pass_reset_email_failure', __( 'Unable to reset password due to an unknown error. Please try again.', 'lifterlms' ) );
	llms_add_notice( $errors->get_error_message(), 'error' );
	return $errors;

}
Changelog
| Version | Description |
|---|---|
| 5.9.0 | Stop using deprecated FILTER_SANITIZE_STRING. |
| 4.21.3 | Increase 3rd party support for WP core hooks. |
| 3.9.5 | Unknown. |
| 3.8.0 | |
| 3.37.17 | Refactored for readability and added new hooks. |
| 3.35.0 | Introduced. |