I have the registration workflow set so that my user have to fill out a gravity forms user registration form and then activate their account via a link in an email. The email link sends them to a page that tells the user whether their registration has been successful or a failure. Up on success, I would like my users to click on a password reset link on the activation success page to set their password. I keep getting an invalid link message when I construct the reset link. How do I do construct a valid password reset link?? Here is what I have so far:
<?php
global $gw_activate_template;
extract( $gw_activate_template->result );
$url = is_multisite() ? get_blogaddress_by_id( (int) $blog_id ) : home_url('', 'http');
$user = new WP_User( (int) $user_id );
?>
<h2><?php _e('Your account is now active!'); ?></h2>
<div id="signup-welcome">
<p><span class="h3"><?php _e('Username:'); ?></span> <?php echo $user->user_login ?></p>
<p>To set your password, select the following link: <a href="http://example.com/wp-login.php?action=rp&key=<?php echo $gw_activate_template->get_activation_key(); ?>&login=<?php echo $user->user_login; ?>" >http://example.com/wp-login.php?action=rp&key=<?php echo $gw_activate_template->get_activation_key(); ?>&login=<?php echo $user->user_login; ?></a></p>
</div>
<?php if ( $url != network_home_url('', 'http') ) : ?>
<p class="view"><?php printf( __('Your account is now activated. <a href="%1$s">View the site</a> or <a href="%2$s">Log in</a>'), $url, $url . 'wp-login.php' ); ?></p>
<?php else: ?>
<p class="view"><?php printf( __('Your account is now activated. <a href="%1$s">Log in</a> or go back to the <a href="%2$s">homepage</a>.' ), network_site_url('wp-login.php', 'login'), network_home_url() ); ?></p>
<?php endif; ?>
2 s
After much research, I finally turned to examining the WordPress core file wp_login.php hoping that WP would show how they do it in a non-obtuse manner. From the information around line 331 (WP 4.6.1), I put together the following code.
<?php
global $gw_activate_template;
extract( $gw_activate_template->result );
$url = is_multisite() ? get_blogaddress_by_id( (int) $blog_id ) : home_url('', 'http');
$user = new WP_User( (int) $user_id );
$adt_rp_key = get_password_reset_key( $user );
$user_login = $user->user_login;
$rp_link = '<a href="' . network_site_url("wp-login.php?action=rp&key=$adt_rp_key&login=" . rawurlencode($user_login), 'login') . '">' . network_site_url("wp-login.php?action=rp&key=$adt_rp_key&login=" . rawurlencode($user_login), 'login') . '</a>';
if ( is_wp_error( $key ) ) {
return $key;
}
?>
<h2><?php _e('Your account is now active!'); ?></h2>
<div id="signup-welcome">
<p><span class="h3"><?php _e('Username:'); ?></span> <?php echo $user->user_login ?></p>
<p>To set your password, select the following link: <?php echo $rp_link; ?></p>
</div>
The important thing to constructing the link is the key that is put together by get_password_reset_key( $user ); This is a key that is stored in the database which allows the $user to have its password changed. I saw a website that refers to it as a cookie; however this is using a loose definition of “cookie” because nothing is stored on the users computer. The key is stored in the database and linked to the user account.