";
?>
user_login;
$user_email = $user_data->user_email;
if (!$user_email || $user_email != $_POST['email'])
die(sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? Try again.'), 'wp-login.php?action=lostpassword'));
// Generate something random for a password... md5'ing current time with a rand salt
$user_pass = substr( MD5('time' . rand(1, 16000) ), 0, 6);
// now insert the new pass md5'd into the db
$wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$user_pass') WHERE user_login = '$user_login'");
$message = __('Login') . ": $user_login\r\n";
$message .= __('Password') . ": $user_pass\r\n";
$message .= get_settings('siteurl') . '/wp-login.php';
$m = wp_mail($user_email, sprintf(__("[%s] Your login and password"), get_settings('blogname')), $message);
if ($m == false) {
echo '
' . __('The e-mail could not be sent.') . " \n";
echo __('Possible reason: your host may have disabled the mail() function...') . "
";
die();
} else {
echo '
' . sprintf(__("The e-mail was sent successfully to %s's e-mail address."), $user_login) . ' ';
echo "" . __('Click here to login!') . '
';
// send a copy of password change notification to the admin
wp_mail(get_settings('admin_email'), sprintf(__('[%s] Password Lost/Change'), get_settings('blogname')), sprintf(__('Password Lost and Changed for user: %s'), $user_login));
die();
}
break;
case 'login' :
default:
if( !empty($_POST) ) {
$log = $_POST['log'];
$pwd = $_POST['pwd'];
$redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_POST['redirect_to']);
} else {
$log = '';
$pwd = '';
$redirect_to = '';
}
$user = get_userdatabylogin($log);
if (0 == $user->user_level) {
$redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
}
if ($log && $pwd) {
if ( wp_login($log, $pwd) ) {
$user_login = $log;
$user_pass = md5(md5($pwd)); // Double hash the password in the cookie.
setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
setcookie('wordpresspass_'. COOKIEHASH, $user_pass, time() + 31536000, COOKIEPATH);
if ($is_IIS)
header("Refresh: 0;url=$redirect_to");
else
header("Location: $redirect_to");
}
} else if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && !empty($_COOKIE['wordpresspass_' . COOKIEHASH]) ) {
$user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
$user_pass_md5 = $_COOKIE['wordpresspass_' . COOKIEHASH];
if ( wp_login($user_login, $user_pass_md5, true) ) {
header('Location: wp-admin/');
exit();
} else {
if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) )
$error = 'Your session has expired.';
}
}
?>
WordPress ›