Forum Replies Created
-
thibaut
Participant# 2 years, 10 months agoI updated the code to use wordpress’ secure hash instead, this is working fully
$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); //if (empty($key)) //{ // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); global $wp_hasher; // Now insert the key, hashed, into the DB. if ( empty( $wp_hasher ) ) { require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash( 8, true ); } $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); // Now insert the new md5 key into the db $wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user_login)); //}in reply to: Reset password link not workingParticipant# 2 years, 10 months agoI found the issue in your code:
in the file customer-area-login-form/src/php/wp-login-helper.class.php
starting line 77 should be changed to this :
$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); //if (empty($key)) //{ // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db $wpdb->update($wpdb->users, array('user_activation_key' => time() . ':'. $key), array('user_login' => $user_login)); //}First you should always regenerate the activation key on demand, second the time() needs to be added in front of the key in the DB separated by “:” in order to allow expiration and verification.
pleaseĀ correct this ASAP
in reply to: Reset password link not working
Viewing 2 posts - 1 through 2 (of 2 total)