problem with reset password plugin
-
Since WP 5.4.0 ‘lostpassword_post’ is fired with two parameters ($errors and $userdata)
You can avoid to guess userdata from $_POST[‘user_login’]In fact I had a problem with a plugin that uses a different name for the field.
I propose you a change in file: new-user-approve/new-user-approve.php
add_action( 'lostpassword_post', array( $this, 'lost_password' ),10,2 )and
public function lost_password( $errors, $user_data ) { /* $is_email = strpos( $_POST['user_login'], '@' ); if ( $is_email === false ) { $username = sanitize_user( $_POST['user_login'] ); $user_data = get_user_by( 'login', trim( $username ) ); } else { $email = is_email( $_POST['user_login'] ); $user_data = get_user_by( 'email', $email ); } */ if ( $user_data->pw_user_status && $user_data->pw_user_status != 'approved' ) { $errors->add( 'unapproved_user', __( '<strong>ERROR</strong>: User has not been approved.', 'new-user-approve' ) ); } return $errors; }
Viewing 3 replies - 1 through 3 (of 3 total)
-
Hi,
there is a safer way to manage this topic.
In fact usin lostpassword_post action is too late.you can use the filter
add_filter( 'allow_password_reset', array(&$this, 'lk_allow_pw_reset'), 10, 2 );
and replace the method lost_password withfunction lk_allow_pw_reset( $result, $user_id ) { $user_data = get_user_by( 'id', $user_id ); if ( $user_data->pw_user_status && $user_data->pw_user_status != 'approved' ) { $result = new WP_Error( 'unapproved_user', __( '<strong>ERROR</strong>: User has not been approved.', 'new-user-approve' ) ); } return $result; }
Viewing 3 replies - 1 through 3 (of 3 total)
The topic ‘problem with reset password plugin’ is closed to new replies.
