• LifterLMS
  • Knowledge Base
  • Academy
  • Blog
  • Podcast
  • Contributors
  • My Account

LifterLMS LifterLMS

  • Code Reference
  • REST API
  • LLMS-CLI

Code Reference

Skip to content
Filter by type:
Search
Browse: Home / Code Reference / Classes / LLMS_Controller_Account / LLMS_Controller_Account::lost_password()

LLMS_Controller_Account::lost_password()

Handle form submission of the Lost Password form

Contents

  • Description
  • Return
  • Source
  • Related
    • Uses
  • Changelog
  • User Contributed Notes

Description #Description

This is the form that sends a password recovery email with a link to reset the password.


Top ↑

Return #Return

(null|WP_Error|true) null when nonce cannot be verified. WP_Error when an error is encountered. true on success.


Top ↑

Source #Source

File: includes/forms/controllers/class.llms.controller.account.php

	public function lost_password() {

		// Invalid nonce or the form wasn't submitted.
		if ( ! llms_verify_nonce( '_lost_password_nonce', 'llms_lost_password', 'POST' ) ) {
			return null;
		}

		/**
		 * Fire an action immediately prior to the lost password form submission processing.
		 *
		 * @since 3.37.17
		 */
		do_action( 'llms_before_lost_password_form_submit' );

		$err   = new WP_Error();
		$user  = false;
		$login = llms_filter_input_sanitize_string( INPUT_POST, 'llms_login' );

		// Login is required.
		if ( empty( $login ) ) {
			$err->add( 'llms_pass_reset_missing_login', __( 'Enter a username or e-mail address.', 'lifterlms' ) );
		} else {

			// Locate the user.
			$field = strpos( $login, '@' ) ? 'email' : 'login';
			$user  = get_user_by( $field, $login );

			// No user found.
			if ( ! $user ) {
				$err->add( 'llms_pass_reset_invalid_login', __( 'Invalid username or e-mail address.', 'lifterlms' ) );
			}
		}

		/**
		 * Ensure 3rd parties that don't use the 2nd param of `lostpassword_post` still work with our reset functionality.
		 *
		 * This specifically adds support for WordFence's "max allowed password resets" under brute force protection, but
		 * might be useful in other scenarios.
		 */
		$_POST['user_login'] = $login;

		/**
		 * Fires before errors are returned from a password reset request.
		 *
		 * Mimics WordPress core behavior so 3rd parties don't need to add special handlers for LifterLMS
		 * password reset flows.
		 *
		 * @since 3.37.17
		 *
		 * @link https://developer.wordpress.org/reference/hooks/lostpassword_post/
		 *
		 * @param WP_Error      $err  A WP_Error object containing any errors generated by using invalid credentials.
		 * @param WP_User|false $user WP_User object if found, false if the user does not exist.
		 */
		do_action( 'lostpassword_post', $err, $user );

		// If we have errors, output them and return.
		if ( ! empty( $err->errors ) ) { // @todo: When we can drop support for WP 5.0 and earlier we can switch to $err->has_errors().
			foreach ( $err->get_error_messages() as $message ) {
				llms_add_notice( $message, 'error' );
			}
			return $err;
		}

		// Set the user's password reset key.
		$key = get_password_reset_key( $user );
		if ( is_wp_error( $key ) ) {
			llms_add_notice( $key->get_error_message(), 'error' );
			return $key;
		}

		// Setup the email.
		$email = llms()->mailer()->get_email(
			'reset_password',
			array(
				'key'           => $key,
				'user'          => $user,
				'login_display' => 'email' === $field ? $user->user_email : $user->user_login,
			)
		);

		// Error generating or sending the email.
		if ( ! $email || ! $email->send() ) {

			$err->add( 'llms_pass_reset_email_failure', __( 'Unable to reset password due to an unknown error. Please try again.', 'lifterlms' ) );
			llms_add_notice( $err->get_error_message(), 'error' );
			return $err;

		}

		// Success.
		llms_add_notice( __( 'Check your e-mail for the confirmation link.', 'lifterlms' ) );
		return true;

	}

Expand full source code Collapse full source code View on GitHub


Top ↑

Related #Related

Uses #Uses

Uses
Uses Description
includes/llms.functions.core.php: llms_filter_input_sanitize_string()

Function used to sanitize user input in a manner similar to the (deprecated) FILTER_SANITIZE_STRING.

includes/forms/controllers/class.llms.controller.account.php: llms_before_lost_password_form_submit

Fire an action immediately prior to the lost password form submission processing.

includes/forms/controllers/class.llms.controller.account.php: lostpassword_post

Fires before errors are returned from a password reset request.

includes/llms.functions.core.php: llms_verify_nonce()

Verify nonce with additional checks to confirm request method

includes/functions/llms.functions.notice.php: llms_add_notice()

Stores notice in llms_notices session

lifterlms.php: llms()

Returns the main instance of LifterLMS

Show 1 more use Hide more uses

Top ↑

Changelog #Changelog

Changelog
Version Description
5.9.0 Stop using deprecated FILTER_SANITIZE_STRING.
4.21.3 Increase 3rd party support for WP core hooks.
3.9.5 Unknown.
3.8.0
3.37.17 Refactored for readability and added new hooks.
3.35.0 Introduced.

Top ↑

User Contributed Notes #User Contributed Notes

You must log in before being able to contribute a note or feedback.

© 2014 - 2023 LifterLMS · Privacy Policy · Terms and Conditions

Insert/edit link

Enter the destination URL

Or link to existing content

    No search term specified. Showing recent items. Search or use up and down arrow keys to select an item.