Question

我目前正在尝试构建自定义的重置密码表单，该表单似乎可以正常工作，直到需要为用户验证密钥为止。

//Redirect away from default wordpress to reset password
function redirect_to_reset_password() {
    if ( 'GET' == $_SERVER['REQUEST_METHOD'] ) {
        // Verify key / login combo
        $user = check_password_reset_key( $_REQUEST['key'], $_REQUEST['login'] );
        if ( ! $user || is_wp_error( $user ) ) {
            if ( $user && $user->get_error_code() === 'expired_key' ) {
                wp_redirect( home_url( '/login?login=expiredkey/' ) );
            } else {
                wp_redirect( home_url( '/login?login=invalidkey/' ) );
            }
            exit;
        }

        $redirect_url = home_url( '/reset-password/' );
        $redirect_url = add_query_arg( 'login', esc_attr( $_REQUEST['login'] ), $redirect_url );
        $redirect_url = add_query_arg( 'key', esc_attr( $_REQUEST['key'] ), $redirect_url );

        wp_redirect( $redirect_url );
        exit;
    }
}
add_action('login_form_rp', 'redirect_to_reset_password');
add_action('login_form_resetpass', 'redirect_to_reset_password');

//Make new password
function do_password_reset() {
    if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
        $rp_key = $_REQUEST['rp_key'];
        $rp_login = $_REQUEST['rp_login'];
        $user = check_password_reset_key( $rp_key, $rp_login );

        if ( ! $user || is_wp_error( $user ) ) {
            if ( $user && $user->get_error_code() === 'expired_key' ) {
                wp_redirect( home_url( '/login?login=expiredkey/' ) );
            } else {
                wp_redirect( home_url( '/login?login=invalidkey/' ) );
            }
            exit;
        }

        if ( isset( $_POST['pass1'] ) ) {
            if ( $_POST['pass1'] != $_POST['pass2'] ) {
                // Passwords don't match
                $redirect_url = home_url( '/reset-password/' );

                $redirect_url = add_query_arg( 'key', $rp_key, $redirect_url );
                $redirect_url = add_query_arg( 'login', $rp_login, $redirect_url );
                $redirect_url = add_query_arg( 'error', 'password_reset_mismatch', $redirect_url );

                wp_redirect( $redirect_url );
                exit;
            }

            if ( empty( $_POST['pass1'] ) ) {
                // Password is empty
                $redirect_url = home_url( '/reset-password/' );

                $redirect_url = add_query_arg( 'key', $rp_key, $redirect_url );
                $redirect_url = add_query_arg( 'login', $rp_login, $redirect_url );
                $redirect_url = add_query_arg( 'error', 'password_reset_empty', $redirect_url );

                wp_redirect( $redirect_url );
                exit;
            }

            // Parameter checks OK, reset password
            reset_password( $user, $_POST['pass1'] );
            wp_redirect( home_url( '/login?password=changed/' ) );
        } else {
            echo "Invalid request.";
        }

        exit;
    }
}
add_action( 'login_form_rp', 'do_password_reset' );
add_action( 'login_form_resetpass', 'do_password_reset' );

我一直在偷偷摸摸，试图找出问题的根源，并且我发现user_activation_key下的密钥与尝试重设密码时从URL中获得的密钥不同。。例如：

DB：1553346836:$P$BYEbftAGRfnhlBTeuNL4ylhsxRyhS3/

URL：key=dx1GjoJnaD6Dytc5zpNq

但是我没有找到解决方案或原因。

WordPress重置密码返回无效密钥

0 个答案: