@iqbalrony
Created May 27, 2019 04:14
<?php
if ( !class_exists( 'DGM_Reset_PassWord' ) ) {
/**
*
* Forgot password form
* Reset password form
*
*/
class DGM_Reset_PassWord {
/**
 * Class constructor.
 *
 * Registers the [lostpassword_form] shortcode and attaches this object's
 * heading/notice printers to the plugin's own action hooks.
 *
 * @since 0.1
 */
public function __construct()
{
    add_shortcode( 'lostpassword_form', array( $this, 'the_form' ) );

    // Action hook => method on this object that prints the output for it.
    $renderers = array(
        'dgm_forgot_password_form_start' => 'dgm_forgot_form_heading',
        'dgm_reset_password_form_start'  => 'dgm_reset_form_heading',
        'dgm_if_user_logged_in'          => 'dgm_if_user_logged_in',
    );

    foreach ( $renderers as $hook => $method ) {
        add_action( $hook, array( $this, $method ) );
    }
}
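/**
 * Shortcode callback: renders either the lost-password form or, when the
 * request carries `action=rp` plus a `key` and `login`, the reset-password form.
 *
 * Everything the helpers echo is captured in an output buffer and returned,
 * because a shortcode callback must return its markup instead of printing it.
 *
 * NOTE(review): the reset key stays in the page URL for as long as the reset
 * form is displayed, so it is written to access logs and can be sent to other
 * hosts in the Referer header of any external asset this page loads.
 * wp-login.php avoids that by moving the key into a cookie and redirecting;
 * consider the same pattern here, or a strict referrer policy on this page.
 *
 * @since 1.0
 *
 * @return string Buffered HTML for the shortcode.
 */
public function the_form()
{
    ob_start();

    if ( is_user_logged_in() ) {
        $this->if_logged_in();
        return ob_get_clean();
    }

    $is_reset_request = isset( $_GET['action'], $_GET['login'], $_GET['key'] )
        && 'rp' === $_GET['action']
        && ! empty( $_GET['login'] )
        && ! empty( $_GET['key'] );

    if ( ! $is_reset_request ) {
        $this->forgot_password();
        return ob_get_clean();
    }

    // WordPress adds slashes to $_GET, so undo that before the values are
    // compared with what is stored. A non-string value (e.g. `key[]=x`) is
    // replaced by '' so that it is reported as an invalid key below.
    $key   = is_string( $_GET['key'] ) ? wp_unslash( $_GET['key'] ) : '';
    $login = is_string( $_GET['login'] ) ? wp_unslash( $_GET['login'] ) : '';

    $user = check_password_reset_key( $key, $login );

    if ( is_wp_error( $user ) ) {
        $errors = new WP_Error();

        if ( 'expired_key' === $user->get_error_code() ) {
            $errors->add( 'expiredkey', __( 'That key has expired. Please reset your password again.', 'digimart_toolkit' ) );
        } else {
            $errors->add( 'invalidkey', __( 'That key is no longer valid. Please reset your password again.', 'digimart_toolkit' ) );
        }

        $this->dgm_show_error_messages( $errors );

        // Return the buffer here as well: a bare `return` would leave the
        // buffer open and the shortcode would return null, so the message
        // would not appear where the shortcode was placed.
        return ob_get_clean();
    }

    $this->reset_password( $user );

    return ob_get_clean();
}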
/**
 * Fires the `dgm_if_user_logged_in` action so that attached callbacks can
 * print a notice for a visitor who is already signed in.
 */
public function if_logged_in()
{
    do_action( 'dgm_if_user_logged_in' );
}
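/**
 * Handles a submitted lost-password form and e-mails the reset link.
 *
 * Nothing happens unless the request carries a valid
 * `_dgm_lostpassword_nonce` and a `user_login` field. Feedback (error
 * messages or the confirmation heading) is echoed directly.
 *
 * NOTE(review): the separate 'invalidemail' / 'invalidusername' messages tell
 * an unauthenticated visitor whether an account exists. If account
 * enumeration matters for this site, show the same confirmation text for
 * known and unknown accounts.
 *
 * @return true|WP_Error|null True when the mail was handed to wp_mail(),
 *                            WP_Error on any failure, null when the request
 *                            is not a valid form submission.
 */
public function forgot_password_init()
{
    if ( ! isset( $_POST['_dgm_lostpassword_nonce'] ) || ! wp_verify_nonce( $_POST['_dgm_lostpassword_nonce'], 'dgm-lostpassword-nonce' ) ) {
        return;
    }

    if ( ! isset( $_POST['user_login'] ) ) {
        return;
    }

    $errors = new WP_Error();

    // No manual SQL escaping is done or needed: the value only reaches the
    // database through get_user_by(), which builds its own prepared query.
    // It is unslashed once (WordPress adds slashes to $_POST) and a
    // non-string value such as `user_login[]=x` is treated as empty.
    $user_login = is_string( $_POST['user_login'] ) ? trim( wp_unslash( $_POST['user_login'] ) ) : '';
    $user_data  = false;

    if ( empty( $user_login ) ) {
        $errors->add( 'empty', __( 'Enter a username or e-mail address.', 'digimart_toolkit' ) );
    } elseif ( strpos( $user_login, '@' ) ) {
        // An '@' anywhere after the first character means "look up by e-mail".
        $user_data = get_user_by( 'email', $user_login );
        if ( empty( $user_data ) ) {
            $errors->add( 'invalidemail', __( 'Enter a valid e-mail address.', 'digimart_toolkit' ) );
        }
    } else {
        $user_data = get_user_by( 'login', $user_login );
        if ( empty( $user_data ) || ! isset( $user_data->ID ) ) {
            $errors->add( 'invalidusername', __( 'Enter a valid Username.', 'digimart_toolkit' ) );
        }
    }

    if ( $errors->has_errors() ) {
        $this->dgm_show_error_messages( $errors );
        return $errors;
    }

    $account_login = $user_data->user_login;
    $account_email = $user_data->user_email;

    $key = get_password_reset_key( $user_data );
    if ( is_wp_error( $key ) ) {
        // Show the failure; previously the error was added but never printed.
        $errors->add( 'invalidkeygenerate', __( 'Something causing problem with generating key.', 'digimart_toolkit' ) );
        $this->dgm_show_error_messages( $errors );
        return $key;
    }

    // Build the link with add_query_arg() so it is also valid when the
    // permalink already has a query string (plain permalinks). The function
    // does not encode values itself, hence rawurlencode() on the login.
    $reset_url = add_query_arg(
        array(
            'action' => 'rp',
            'key'    => $key,
            'login'  => rawurlencode( $account_login ),
        ),
        get_permalink( (int) get_queried_object_id() )
    );

    $site_name = $this->get_site_name();

    $message = __( 'Someone has requested a password reset for the following account:', 'digimart_toolkit' ) . "\r\n\r\n";
    /* translators: %s: site name */
    $message .= sprintf( __( 'Site Name: %s', 'digimart_toolkit' ), $site_name ) . "\r\n\r\n";
    /* translators: %s: user login */
    $message .= sprintf( __( 'Username: %s', 'digimart_toolkit' ), $account_login ) . "\r\n\r\n";
    $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.', 'digimart_toolkit' ) . "\r\n\r\n";
    $message .= __( 'To reset your password, visit the following address:', 'digimart_toolkit' ) . "\r\n\r\n";
    // The stray '>' that used to follow the URL is gone: mail clients that
    // auto-link the address would otherwise make it part of the login value.
    $message .= $reset_url . "\r\n";

    /* translators: Password reset notification email subject. %s: Site title */
    $title = sprintf( __( '[%s] Password Reset', 'digimart_toolkit' ), $site_name );

    if ( ! wp_mail( $account_email, wp_specialchars_decode( $title ), $message ) ) {
        $errors->add( 'could_not_sent', __( 'The email could not be sent. Possible reason: your host may have disabled the mail() function.', 'digimart_toolkit' ) );
        $this->dgm_show_error_messages( $errors );
        return $errors;
    }

    echo '<h3>' . esc_html__( 'Check your e-mail for the confirmation link.', 'digimart_toolkit' ) . '</h3>';

    return true;
}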
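/**
 * Handles a submitted reset-password form and stores the new password.
 *
 * Requires a valid `_dgm_resetpassword_nonce` and both password fields.
 * Validation messages and the success notice are echoed directly.
 *
 * @param WP_User $user Account to update; the_form() passes the value it got
 *                      back from check_password_reset_key().
 * @return bool True once reset_password() has been called, false when the
 *              form was not submitted or validation failed.
 */
public function reset_password_init( $user )
{
    if ( ! isset( $_POST['_dgm_resetpassword_nonce'] ) || ! wp_verify_nonce( $_POST['_dgm_resetpassword_nonce'], 'dgm-resetpassword-nonce' ) ) {
        return false;
    }

    if ( ! isset( $_POST['new_password'], $_POST['confirm_new_password'] ) ) {
        return false;
    }

    $errors = new WP_Error();

    // The passwords are never placed in SQL by this method; they are handed
    // to reset_password() for hashing. Non-string values (`new_password[]=x`)
    // are treated as empty.
    // NOTE(review): the values are deliberately left as received. Core's
    // wp-login.php appears to pass the raw $_POST value to reset_password()
    // too, so unslashing only here could make a password containing quotes
    // or backslashes differ from what the login form submits - confirm
    // before changing.
    $new_password         = is_string( $_POST['new_password'] ) ? $_POST['new_password'] : '';
    $confirm_new_password = is_string( $_POST['confirm_new_password'] ) ? $_POST['confirm_new_password'] : '';

    if ( empty( $new_password ) || empty( $confirm_new_password ) ) {
        $errors->add( 'empty', __( 'Password is required field', 'digimart_toolkit' ) );
        $this->dgm_show_error_messages( $errors );
        return false;
    }

    // Strict comparison: with `!=` two different numeric-looking strings
    // such as "1e3" and "1000" compare as equal.
    if ( $new_password !== $confirm_new_password ) {
        $errors->add( 'not_same', __( 'The passwords did not match.', 'digimart_toolkit' ) );
        $this->dgm_show_error_messages( $errors );
        return false;
    }

    /**
     * Fires before the password reset procedure is validated.
     *
     * @since 3.5.0
     *
     * @param object           $errors WP Error object.
     * @param WP_User|WP_Error $user   WP_User object if the login and reset key match. WP_Error object otherwise.
     */
    do_action( 'validate_password_reset', $errors, $user );

    if ( $errors->has_errors() ) {
        // Errors added by callbacks on the hook above used to be dropped
        // silently; print them so the visitor knows why nothing changed.
        $this->dgm_show_error_messages( $errors );
        return false;
    }

    reset_password( $user, $confirm_new_password );

    $html = sprintf(
        '<h3>%1$s</h3><p>%2$s</p>',
        esc_html__( 'Your password has been reset.', 'digimart_toolkit' ),
        esc_html__( 'Now you need to use you new password in order to login.', 'digimart_toolkit' )
    );

    // The filtered markup is printed as-is, so callbacks on this filter are
    // responsible for escaping whatever they add.
    $html = apply_filters( 'dgm_reset_password_succsessful_msg', $html );
    echo $html;

    return true;
}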
/**
 * Returns the site name used in the plain-text e-mail: the network's
 * site_name on multisite, otherwise the decoded `blogname` option.
 *
 * @return string
 */
public function get_site_name()
{
    if ( is_multisite() ) {
        return get_network()->site_name;
    }

    /*
     * The blogname option is escaped with esc_html on the way into the
     * database in sanitize_option; reverse that for the plain-text e-mail.
     */
    return wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
}
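/**
 * Prints the lost-password form, after processing any submission of it.
 *
 * The form target comes from redirect_url(), which can be built from
 * $_SERVER['REQUEST_URI'], so it is passed through esc_url() before it is
 * placed in the action attribute. Attribute values use the attribute
 * escapers. The login field is type="text" because the label and the
 * handler accept a username as well as an e-mail address; type="email"
 * makes browsers reject a plain username before the form is sent.
 *
 * @since 1.0
 */
public function forgot_password()
{
    $this->forgot_password_init();

    /**
     * Fires before the lost-password form is printed.
     */
    do_action( 'dgm_forgot_password_before' );
    ?>
    <form id="dgm_lostpassword_form" method="post" action="<?php echo esc_url( $this->redirect_url() ); ?>">
        <fieldset>
            <?php do_action( 'dgm_forgot_password_form_start' ); ?>
            <div class="form-group">
                <label for="user_login"><?php esc_html_e( 'Email Address or Username', 'digimart_toolkit' ); ?></label>
                <input type="text" name="user_login" autocomplete="off" id="user_login" class="form-control" placeholder="<?php esc_attr_e( 'Email address', 'digimart_toolkit' ); ?>">
            </div>
            <?php
            /**
             * Fires inside the lostpassword <form> tags, before the hidden fields.
             *
             * @since 2.1.0
             */
            do_action( 'lostpassword_form' );
            ?>
            <div class="form-group">
                <input class="form-control" type="submit" value="<?php esc_attr_e( 'Reset Password', 'digimart_toolkit' ); ?>">
                <?php wp_nonce_field( 'dgm-lostpassword-nonce', '_dgm_lostpassword_nonce' ); ?>
            </div>
            <?php do_action( 'dgm_forgot_password_form_end' ); ?>
        </fieldset>
    </form>
    <?php
    /**
     * Fires after the lost-password form has been printed.
     */
    do_action( 'dgm_forgot_password_after' );
}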
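/**
 * Prints the reset-password form, after processing any submission of it.
 *
 * The form is left out once reset_password_init() returns true. It has no
 * action attribute, so it posts back to the current URL. The password inputs
 * use autocomplete="new-password" so password managers treat them as a new
 * credential, and the submit label uses the attribute escaper.
 *
 * @since 1.0
 *
 * @param WP_User $user Account being reset; the_form() passes the value it
 *                      got back from check_password_reset_key().
 */
public function reset_password( $user )
{
    $complete = $this->reset_password_init( $user );

    /**
     * Fires before the reset-password form is printed.
     */
    do_action( 'dgm_reset_password_before' );

    if ( false === $complete ) :
        ?>
        <form id="dgm_resetpassword_form" method="post">
            <fieldset>
                <?php do_action( 'dgm_reset_password_form_start' ); ?>
                <div class="form-group">
                    <label for="new_password"><?php esc_html_e( 'New Password', 'digimart_toolkit' ); ?></label>
                    <input type="password" name="new_password" autocomplete="new-password" id="new_password" class="form-control">
                </div>
                <div class="form-group">
                    <label for="confirm_new_password"><?php esc_html_e( 'Confirm New Password', 'digimart_toolkit' ); ?></label>
                    <input type="password" name="confirm_new_password" autocomplete="new-password" id="confirm_new_password" class="form-control">
                </div>
                <?php
                /**
                 * Fires inside the resetpassword <form> tags, before the hidden fields.
                 *
                 * @since 2.1.0
                 */
                do_action( 'resetpassword_form', $user );
                ?>
                <div class="form-group">
                    <input class="form-control" type="submit" value="<?php esc_attr_e( 'Reset Password', 'digimart_toolkit' ); ?>">
                    <?php wp_nonce_field( 'dgm-resetpassword-nonce', '_dgm_resetpassword_nonce' ); ?>
                </div>
                <?php do_action( 'dgm_reset_password_form_end' ); ?>
            </fieldset>
        </form>
        <?php
    endif;

    /**
     * Fires after the reset-password form (or the success notice) has been printed.
     */
    do_action( 'dgm_reset_password_after' );
}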
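/**
 * Returns the URL of the page being displayed, used as the form target.
 *
 * On singular views this is the post's permalink. Otherwise the URL is
 * assembled from $_SERVER values; REQUEST_URI is supplied by the client, so
 * the result is passed through esc_url_raw() before it is returned. Callers
 * that print it into HTML should still apply esc_url().
 *
 * @return string
 */
public function redirect_url()
{
    global $post;

    if ( is_singular() && isset( $post->ID ) ) {
        return get_permalink( $post->ID );
    }

    // is_ssl() replaces the direct read of $_SERVER['HTTPS'], which raised
    // an undefined-index notice on plain HTTP requests.
    $is_https = is_ssl();
    $scheme   = $is_https ? 'https' : 'http';

    $host        = isset( $_SERVER['SERVER_NAME'] ) ? wp_unslash( $_SERVER['SERVER_NAME'] ) : '';
    $port        = isset( $_SERVER['SERVER_PORT'] ) ? (string) $_SERVER['SERVER_PORT'] : '';
    $request_uri = isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '';

    // Only spell out the port when it is not the default for the scheme
    // (the old check compared with 80 only, so HTTPS URLs carried ":443").
    $default_port = $is_https ? '443' : '80';
    if ( '' !== $port && $default_port !== $port ) {
        $host .= ':' . $port;
    }

    return esc_url_raw( $scheme . '://' . $host . $request_uri );
}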
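/**
 * Prints the heading and intro paragraph of the lost-password form.
 *
 * Attached to `dgm_forgot_password_form_start` by the constructor. Both
 * translated strings are escaped on output; the intro text used to be
 * printed unescaped while the legend next to it was escaped.
 */
public function dgm_forgot_form_heading()
{
    printf(
        '<div class="dgm-form-header"><legend>%1$s</legend><p class="dgm-form-paragraph">%2$s</p></div>',
        esc_html__( 'Reset password', 'digimart_toolkit' ),
        esc_html__( 'Please enter your email address or username. You will receive a link to create a new password via email.', 'digimart_toolkit' )
    );
}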
/**
 * Prints the notice shown to a visitor who is already logged in.
 *
 * Attached to the `dgm_if_user_logged_in` action by the constructor.
 */
public function dgm_if_user_logged_in()
{
    printf(
        '<legend>%s</legend>',
        esc_html__( 'You are already logged in.', 'digimart_toolkit' )
    );
}
/**
 * Prints the heading of the reset-password form.
 *
 * Attached to `dgm_reset_password_form_start` by the constructor.
 */
public function dgm_reset_form_heading()
{
    printf(
        '<legend>%s</legend>',
        esc_html__( 'Please enter a new password.', 'digimart_toolkit' )
    );
}
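/**
 * Prints the messages held in a WP_Error object as an alert box.
 *
 * One message is printed per error code. Nothing is printed when the object
 * holds no codes.
 *
 * @param WP_Error $errors Errors collected while handling a form submission.
 */
public function dgm_show_error_messages( $errors )
{
    $codes = $errors->get_error_codes();
    if ( ! $codes ) {
        return;
    }

    echo '<div class="dgm_message error alert alert-warning">';

    foreach ( $codes as $code ) {
        // Messages can come from translations or from callbacks on other
        // hooks and may carry simple markup such as <strong>, so filter them
        // with wp_kses_post() instead of printing them raw.
        echo '<span class="dgm_error">' . wp_kses_post( $errors->get_error_message( $code ) ) . '</span><br/>';
    }

    echo '</div>';
}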
}
}
// Instantiate at load time: the constructor registers the [lostpassword_form]
// shortcode and the action callbacks. This line sits outside the
// class_exists() guard, so it runs even when the class was defined elsewhere.
$psd_config = new DGM_Reset_PassWord();