retrieve_password()
Handles sending password retrieval email to user.
Return
Source
File: wp-login.php
function retrieve_password() {
$errors = new WP_Error();
if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
$errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or email address.'));
} elseif ( strpos( $_POST['user_login'], '@' ) ) {
$user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
if ( empty( $user_data ) )
$errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
} else {
$login = trim($_POST['user_login']);
$user_data = get_user_by('login', $login);
}
/**
* Fires before errors are returned from a password reset request.
*
* @since WP-2.1.0
* @since WP-4.4.0 Added the `$errors` parameter.
*
* @param WP_Error $errors A WP_Error object containing any errors generated
* by using invalid credentials.
*/
do_action( 'lostpassword_post', $errors );
if ( $errors->get_error_code() )
return $errors;
if ( !$user_data ) {
$errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or email.'));
return $errors;
}
// Redefining user_login ensures we return the right case in the email.
$user_login = $user_data->user_login;
$user_email = $user_data->user_email;
$key = get_password_reset_key( $user_data );
if ( is_wp_error( $key ) ) {
return $key;
}
if ( is_multisite() ) {
$site_name = get_network()->site_name;
} else {
/*
* The blogname option is escaped with esc_html on the way into the database
* in sanitize_option we want to reverse this for the plain text arena of emails.
*/
$site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
}
$message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n";
/* translators: %s: site name */
$message .= sprintf( __( 'Site Name: %s'), $site_name ) . "\r\n\r\n";
/* translators: %s: user login */
$message .= sprintf( __( 'Username: %s'), $user_login ) . "\r\n\r\n";
$message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
$message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
$message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . "\r\n";
/* translators: Password reset email subject. %s: Site name */
$title = sprintf( __( '[%s] Password Reset' ), $site_name );
/**
* Filters the subject of the password reset email.
*
* @since WP-2.8.0
* @since WP-4.4.0 Added the `$user_login` and `$user_data` parameters.
*
* @param string $title Default email title.
* @param string $user_login The username for the user.
* @param WP_User $user_data WP_User object.
*/
$title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data );
/**
* Filters the message body of the password reset mail.
*
* If the filtered message is empty, the password reset email will not be sent.
*
* @since WP-2.8.0
* @since WP-4.1.0 Added `$user_login` and `$user_data` parameters.
*
* @param string $message Default mail message.
* @param string $key The activation key.
* @param string $user_login The username for the user.
* @param WP_User $user_data WP_User object.
*/
$message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data );
if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) )
wp_die( __('The email could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
return true;
}