Check for empty password reset key. http://mosquito.wordpress.org/view.php?id=1080 Props: idanso
git-svn-id: http://svn.automattic.com/wordpress/trunk@2438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
5123086148
commit
fc33ac0368
|
@ -125,11 +125,16 @@ case 'resetpass' :
|
||||||
|
|
||||||
// Generate something random for a password... md5'ing current time with a rand salt
|
// Generate something random for a password... md5'ing current time with a rand salt
|
||||||
$key = $_GET['key'];
|
$key = $_GET['key'];
|
||||||
|
if ( empty($key) )
|
||||||
|
die( __('Sorry, that key does not appear to be valid.') );
|
||||||
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
|
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
|
||||||
if ( !$user )
|
if ( !$user )
|
||||||
die( __('Sorry, that key does not appear to be valid.') );
|
die( __('Sorry, that key does not appear to be valid.') );
|
||||||
|
|
||||||
do_action('password_reset');
|
do_action('password_reset');
|
||||||
|
echo "doing password reset for : {$user->user_login}<br/>";
|
||||||
|
exit;
|
||||||
|
|
||||||
|
|
||||||
$new_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
|
$new_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
|
||||||
$wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$new_pass'), user_activation_key = '' WHERE user_login = '$user->user_login'");
|
$wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$new_pass'), user_activation_key = '' WHERE user_login = '$user->user_login'");
|
||||||
|
|
Loading…
Reference in New Issue