Theme My Login
[resolved] Add new filter when retrieving password (patch included) (5 posts)

  1. David Anderson
    Posted 3 years ago #

    This is a great plugin, thank you...

    I wanted to hook into the "lost password" functionality, and allow the user to enter a certain attribute of his account (not username/email address) and recover based on that. Theme-my-login has enough hooks to allow me to change the text labels on the forms easily, but there was no easy way I could see to convert the user's supplied input into a (potential) login (or email address). The code directly uses $_POST['user_login'], giving no point at which this can be intercepted and played about with.

    The easiest way to achieve this seemed to be to add a filter into retrieve_password() like so:

    diff -u -N -r ../../../../theme-my-login-orig/includes/class-theme-my-login.php ./includes/class-theme-my-login.php
    --- ../../../../theme-my-login-orig/includes/class-theme-my-login.php   2012-10-31 19:52:17.404004630 +0300
    +++ ./includes/class-theme-my-login.php 2012-11-06 20:40:54.827522573 +0300
    @@ -959,14 +959,16 @@
                    $errors = new WP_Error();
    -               if ( empty( $_POST['user_login'] ) ) {
    +               $login_key = apply_filters( 'tml_retrieval_key', $_POST['user_login'] );
    +               if ( empty( $login_key ) ) {
                            $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Enter a username or e-mail address.', 'theme-my-login' ) );
    -               } else if ( strpos( $_POST['user_login'], '@' ) ) {
    -                       $user_data = get_user_by_email( trim( $_POST['user_login'] ) );
    +               } else if ( strpos( $login_key, '@' ) ) {
    +                       $user_data = get_user_by_email( trim( $login_key ) );
                            if ( empty( $user_data ) )
                                    $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: There is no user registered with that email address.', 'theme-my-login' ) );
                    } else {
    -                       $login = trim( $_POST['user_login'] );
    +                       $login = trim( $login_key );
                            $user_data = get_user_by( 'login', $login );

    I then write my code:

    add_filter('tml_retrieval_key', 'my_login_convert', 999, 1);
    function my_login_convert($key) {
    // Do stuff here to convert what is supplied into a username. In my case, I look up the key in a database and change that into a username.
    return $key;

    It would be great if that change could be included in your next version - or something equivalent if there's a better way.


  2. Jeff Farthing
    Plugin Author

    Posted 3 years ago #

    I would actually overwrite the entire default functionality using the tml_request_lostpassword action.

  3. David Anderson
    Posted 3 years ago #

    I considered doing that... and then asked myself; why would I want to overwrite the entire default functionality, when I can solve my problem with adding a single filter? It doesn't make sense.

  4. Jeff Farthing
    Plugin Author

    Posted 3 years ago #

    Another option would be to just hook into tml_request, check the that the requested action is "lostpassword", do your processing and then manually override the $_POST value.

  5. David Anderson
    Posted 3 years ago #

    I didn't realise that PHP lets you over-write $_POST. That feels ugly, but if that's the alternative to privately forking the plugin then I'll do that. Thanks for the advice.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Theme My Login
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic