Support » Plugin: Theme My Login » Add new filter when retrieving password (patch included)

  • Resolved David Anderson


    This is a great plugin, thank you…

    I wanted to hook into the “lost password” functionality, and allow the user to enter a certain attribute of his account (not username/email address) and recover based on that. Theme-my-login has enough hooks to allow me to change the text labels on the forms easily, but there was no easy way I could see to convert the user’s supplied input into a (potential) login (or email address). The code directly uses $_POST[‘user_login’], giving no point at which this can be intercepted and played about with.

    The easiest way to achieve this seemed to be to add a filter into retrieve_password() like so:

    diff -u -N -r ../../../../theme-my-login-orig/includes/class-theme-my-login.php ./includes/class-theme-my-login.php
    --- ../../../../theme-my-login-orig/includes/class-theme-my-login.php   2012-10-31 19:52:17.404004630 +0300
    +++ ./includes/class-theme-my-login.php 2012-11-06 20:40:54.827522573 +0300
    @@ -959,14 +959,16 @@
                    $errors = new WP_Error();
    -               if ( empty( $_POST['user_login'] ) ) {
    +               $login_key = apply_filters( 'tml_retrieval_key', $_POST['user_login'] );
    +               if ( empty( $login_key ) ) {
                            $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Enter a username or e-mail address.', 'theme-my-login' ) );
    -               } else if ( strpos( $_POST['user_login'], '@' ) ) {
    -                       $user_data = get_user_by_email( trim( $_POST['user_login'] ) );
    +               } else if ( strpos( $login_key, '@' ) ) {
    +                       $user_data = get_user_by_email( trim( $login_key ) );
                            if ( empty( $user_data ) )
                                    $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: There is no user registered with that email address.', 'theme-my-login' ) );
                    } else {
    -                       $login = trim( $_POST['user_login'] );
    +                       $login = trim( $login_key );
                            $user_data = get_user_by( 'login', $login );

    I then write my code:

    add_filter(‘tml_retrieval_key’, ‘my_login_convert’, 999, 1);
    function my_login_convert($key) {
    // Do stuff here to convert what is supplied into a username. In my case, I look up the key in a database and change that into a username.
    return $key;

    It would be great if that change could be included in your next version – or something equivalent if there’s a better way.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Jeff Farthing


    I would actually overwrite the entire default functionality using the tml_request_lostpassword action.

    I considered doing that… and then asked myself; why would I want to overwrite the entire default functionality, when I can solve my problem with adding a single filter? It doesn’t make sense.

    Plugin Author Jeff Farthing


    Another option would be to just hook into tml_request, check the that the requested action is “lostpassword”, do your processing and then manually override the $_POST value.

    I didn’t realise that PHP lets you over-write $_POST. That feels ugly, but if that’s the alternative to privately forking the plugin then I’ll do that. Thanks for the advice.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Add new filter when retrieving password (patch included)’ is closed to new replies.