10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1464 from ultimatemember/fix/reset_url_hash

Browse Source 
Fixed reset url hash
This commit is contained in:
Mykyta Synelnikov
2024-02-29 15:02:23 +02:00
committed by GitHub
parent 2294ad7a3e 042dc6e320
commit a17d66093a
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/core/class-password.php
+9 -4
View File
@@ -38,20 +38,25 @@ if ( ! class_exists( 'um\core\Password' ) ) {
*
* @return bool|string
*/
function reset_url() {
public function reset_url() {
static $reset_key = null;
$user_id = um_user( 'ID' );
delete_option( "um_cache_userdata_{$user_id}" );
//new reset password key via WordPress native field. It maybe already exists here but generated twice to make sure that emailed with a proper and fresh hash
// New reset password key via WordPress native field. It maybe already exists here but generated twice to make sure that emailed with a proper and fresh hash.
// But doing that only once in 1 request using static variable. Different email placeholders can use reset_url() and we have to use 1 time generated to avoid invalid keys.
$user_data = get_userdata( $user_id );
$key = UM()->user()->maybe_generate_password_reset_key( $user_data );
if ( empty( $reset_key ) ) {
$reset_key = UM()->user()->maybe_generate_password_reset_key( $user_data );
}
// this link looks like WordPress native link e.g. wp-login.php?action=rp&key={hash}&login={user_login}
$url = add_query_arg(
array(
'act' => 'reset_password',
'hash' => $key,
'hash' => $reset_key,
'login' => $user_data->user_login,
),
um_get_core_page( 'password-reset' )