IT Nursery
  • 1010 Avenue of the Moon
    New York, NY 10018 US.
  • Mon - Sat 8.00 - 18.00
    Sunday: Closed
  • Get A Quote
  • WordPress

    • How do I create a password reset link?

    • IT Nursery
    • April 26, 2022
    • 0

    I have the registration workflow set so that my user have to fill out a gravity forms user registration form and then activate their account via a link in an email. The email link sends them to a page that tells the user whether their registration has been successful or a failure. Up on success, I would like my users to click on a password reset link on the activation success page to set their password. I keep getting an invalid link message when I construct the reset link. How do I do construct a valid password reset link?? Here is what I have so far:

    <?php

global $gw_activate_template;

extract( $gw_activate_template->result );

$url = is_multisite() ? get_blogaddress_by_id( (int) $blog_id ) : home_url('', 'http');
$user = new WP_User( (int) $user_id );

?>

<h2><?php _e('Your account is now active!'); ?></h2>

<div id="signup-welcome">
    <p><span class="h3"><?php _e('Username:'); ?></span> <?php echo $user->user_login ?></p>

<p>To set your password, select the following link:  <a href="http://example.com/wp-login.php?action=rp&key=<?php echo $gw_activate_template->get_activation_key(); ?>&login=<?php echo $user->user_login; ?>" >http://example.com/wp-login.php?action=rp&amp;key=<?php echo $gw_activate_template->get_activation_key(); ?>&amp;login=<?php echo $user->user_login; ?></a></p>
</div>

<?php if ( $url != network_home_url('', 'http') ) : ?>
    <p class="view"><?php printf( __('Your account is now activated. <a href="%1$s">View the site</a> or <a href="%2$s">Log in</a>'), $url, $url . 'wp-login.php' ); ?></p>
<?php else: ?>
<p class="view"><?php printf( __('Your account is now activated. <a href="%1$s">Log in</a> or go back to the <a href="%2$s">homepage</a>.' ), network_site_url('wp-login.php', 'login'), network_home_url() ); ?></p>
<?php endif; ?>

    2 s
    2

    After much research, I finally turned to examining the WordPress core file wp_login.php hoping that WP would show how they do it in a non-obtuse manner. From the information around line 331 (WP 4.6.1), I put together the following code.

    <?php

global $gw_activate_template;

extract( $gw_activate_template->result );

$url = is_multisite() ? get_blogaddress_by_id( (int) $blog_id ) : home_url('', 'http');
$user = new WP_User( (int) $user_id );

$adt_rp_key = get_password_reset_key( $user );
$user_login = $user->user_login;
$rp_link = '<a href="' . network_site_url("wp-login.php?action=rp&key=$adt_rp_key&login=" . rawurlencode($user_login), 'login') . '">' . network_site_url("wp-login.php?action=rp&key=$adt_rp_key&login=" . rawurlencode($user_login), 'login') . '</a>';

if ( is_wp_error( $key ) ) {
    return $key;
}

?>

<h2><?php _e('Your account is now active!'); ?></h2>

<div id="signup-welcome">
    <p><span class="h3"><?php _e('Username:'); ?></span> <?php echo $user->user_login ?></p>
    <p>To set your password, select the following link: <?php echo $rp_link; ?></p>
</div>

    The important thing to constructing the link is the key that is put together by get_password_reset_key( $user ); This is a key that is stored in the database which allows the $user to have its password changed. I saw a website that refers to it as a cookie; however this is using a loose definition of “cookie” because nothing is stored on the users computer. The key is stored in the database and linked to the user account.

    Tags:

    Leave a Reply

    Your email address will not be published. Required fields are marked *