Add new filter when retrieving password (patch included)

  • Resolved David Anderson

    (@davidanderson)


    11 years, 5 months ago

    This is a great plugin, thank you…

    I wanted to hook into the “lost password” functionality, and allow the user to enter a certain attribute of his account (not username/email address) and recover based on that. Theme-my-login has enough hooks to allow me to change the text labels on the forms easily, but there was no easy way I could see to convert the user’s supplied input into a (potential) login (or email address). The code directly uses $_POST[‘user_login’], giving no point at which this can be intercepted and played about with.

    The easiest way to achieve this seemed to be to add a filter into retrieve_password() like so:

    diff -u -N -r ../../../../theme-my-login-orig/includes/class-theme-my-login.php ./includes/class-theme-my-login.php
--- ../../../../theme-my-login-orig/includes/class-theme-my-login.php   2012-10-31 19:52:17.404004630 +0300
+++ ./includes/class-theme-my-login.php 2012-11-06 20:40:54.827522573 +0300
@@ -959,14 +959,16 @@

                $errors = new WP_Error();

-               if ( empty( $_POST['user_login'] ) ) {
+               $login_key = apply_filters( 'tml_retrieval_key', $_POST['user_login'] );
+
+               if ( empty( $login_key ) ) {
                        $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Enter a username or e-mail address.', 'theme-my-login' ) );
-               } else if ( strpos( $_POST['user_login'], '@' ) ) {
-                       $user_data = get_user_by_email( trim( $_POST['user_login'] ) );
+               } else if ( strpos( $login_key, '@' ) ) {
+                       $user_data = get_user_by_email( trim( $login_key ) );
                        if ( empty( $user_data ) )
                                $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: There is no user registered with that email address.', 'theme-my-login' ) );
                } else {
-                       $login = trim( $_POST['user_login'] );
+                       $login = trim( $login_key );
                        $user_data = get_user_by( 'login', $login );
                }

    I then write my code:

    add_filter(‘tml_retrieval_key’, ‘my_login_convert’, 999, 1);
    function my_login_convert($key) {
    // Do stuff here to convert what is supplied into a username. In my case, I look up the key in a database and change that into a username.
    return $key;
    }

    It would be great if that change could be included in your next version – or something equivalent if there’s a better way.

    http://wordpress.org/extend/plugins/theme-my-login/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Jeff Farthing

    (@jfarthing84)

    11 years, 5 months ago

    I would actually overwrite the entire default functionality using the tml_request_lostpassword action.

    Thread Starter David Anderson

    (@davidanderson)

    11 years, 5 months ago

    I considered doing that… and then asked myself; why would I want to overwrite the entire default functionality, when I can solve my problem with adding a single filter? It doesn’t make sense.

    Plugin Author Jeff Farthing

    (@jfarthing84)

    11 years, 5 months ago

    Another option would be to just hook into tml_request, check the that the requested action is “lostpassword”, do your processing and then manually override the $_POST value.

    Thread Starter David Anderson

    (@davidanderson)

    11 years, 5 months ago

    I didn’t realise that PHP lets you over-write $_POST. That feels ugly, but if that’s the alternative to privately forking the plugin then I’ll do that. Thanks for the advice.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Add new filter when retrieving password (patch included)’ is closed to new replies.