Re: Forcing Password Reset (not *don't want to*)
Sure… but be forewarned: I’m not familiar with PHP whatsoever, nor with the bbPress structure (so I’m sure I violated something). This is on bbPress 1.0. I’m not sure whether this can be made into a plug-in; I have yet to read up on how to create those and on the filter/hook system.
(I have a small community — ~1000 users when all is said and done — but some are savvy enough with Firebug to simply re-enable and edit the form fields if they are only disabled client-side, so the check has to be enforced server-side.)
This is profile-edit.php in the main root — everything I added is labeled CHANGED … ENDCHANGED:
// Instantiate the error object
// Collects every validation failure for this request; nothing is written to
// the database until $errors->get_error_codes() is empty (see further down).
$errors = new WP_Error;
// NOTE(review): the forum software stripped the array keys from $_SERVER and
// $_POST throughout this listing (here presumably $_SERVER['REQUEST_METHOD']).
// Paste the keys back from the stock profile-edit.php before using this code.
if ( ‘post’ == strtolower($_SERVER) ) {
$_POST = stripslashes_deep( $_POST );
// CSRF protection: the nonce is bound to the profile being edited.
bb_check_admin_referer( ‘edit-profile_’ . $user_id );
// Fix the URL before sanitizing it
$user_url = bb_fix_link( $_POST );
// Sanitize the profile info keys and check for missing required data
// Each key becomes a same-named local via $$key; $label[0] == 1 marks a
// required field and $label[1] is its display name.
foreach ( $profile_info_keys as $key => $label ) {
$$key = apply_filters( ‘sanitize_profile_info’, $_POST[$key], $key, $_POST[$key] );
if ( !$$key && $label[0] == 1 ) {
$errors->add( $key, sprintf( __( ‘%s is required.’ ), esc_html( $label[1] ) ) );
$$key = false;
}
}
// Find out if we have a valid email address
// is_email() yields the address (possibly normalised) or false; the
// assignment inside the condition keeps that result in $user_email.
if ( isset( $user_email ) && !$user_email = is_email( $user_email ) ) {
$errors->add( ‘user_email’, __( ‘Invalid email address’ ), array( ‘data’ => $_POST ) );
}
//CHANGED – added for duplicate email check on profile update
// Rejects an address already owned by another account. Note that the message
// below tells any logged-in user whether an address is registered here (a
// mild enumeration oracle) — acceptable for a small community, but keep it in mind.
if (isset( $user_email )) {
if(changed_no_duplicate_email_update_user($user_email, $user->ID)) {
// $bad_input is never read anywhere in this excerpt.
$bad_input = true;
// BUG(review): $key is the leftover loop variable from the foreach above, so
// this clears whichever profile field was iterated last — not the email
// (unless user_email happens to be the last entry of $profile_info_keys).
// Presumably meant: $user_email = false;
$$key = false;
$errors->add( ‘user_email’, __( ‘Email address already in use’ ), array( ‘data’ => $_POST ) );
}
}
//ENDCHANGED
// Deal with errors for users who can edit others data
if ( bb_current_user_can(‘edit_users’) ) {
// If we are deleting just do it and redirect
// (the $_POST key tested here was lost in the paste — presumably the delete
// flag.) Self-deletion is refused; the nonce check above is the only
// confirmation step.
if ( isset($_POST) && $_POST && $bb_current_id != $user->ID ) {
bb_delete_user( $user->ID );
wp_redirect( bb_get_uri(null, null, BB_URI_CONTEXT_HEADER) );
exit;
}
// Get the user object
$user_obj = new BP_User( $user->ID );
// Store the new role
// (key lost in the paste — presumably $_POST['role'])
$role = $_POST;
// Deal with errors with the role
// The role must exist; only a keep_gate holder may grant or revoke keymaster;
// and a keymaster cannot demote their own account.
if ( !isset($wp_roles->role_objects[$role]) ) {
$errors->add( ‘role’, __( ‘Invalid Role’ ) );
} elseif ( !bb_current_user_can( ‘keep_gate’ ) && ( ‘keymaster’ == $role || ‘keymaster’ == $user_obj->roles[0] ) ) {
$errors->add( ‘role’, __( ‘You are not the Gate Keeper.’ ) );
} elseif ( ‘keymaster’ == $user_obj->roles[0] && ‘keymaster’ != $role && $bb_current_id == $user->ID ) {
$errors->add( ‘role’, __( ‘You are Keymaster, so you may not demote yourself.’ ) );
}
// Sanitize the profile admin keys and check for missing required data
// A variable already set by the profile-info loop above is not overwritten.
foreach ( $profile_admin_keys as $key => $label ) {
if ( isset( $$key ) )
continue;
$$key = apply_filters( ‘sanitize_profile_admin’, $_POST[$key], $key, $_POST[$key] );
if ( !$$key && $label[0] == 1 ) {
$errors->add( $key, sprintf( __( ‘%s is required.’ ), esc_html( $label[1] ) ) );
$$key = false;
}
}
// Create variable for the requested roles
// Each assignable capability becomes a 0/1 flag from its checkbox.
foreach ( $assignable_caps as $cap => $label ) {
if ( isset($$cap) )
continue;
$$cap = ( isset($_POST[$cap]) && $_POST[$cap] ) ? 1 : 0;
}
}
// Deal with errors generated from the password form
// (the two $_POST keys here were lost in the paste — presumably pass1/pass2.)
if ( bb_current_user_can( ‘change_user_password’, $user->ID ) ) {
// Strict !== comparison: both fields must match byte for byte.
if ( ( !empty($_POST) || !empty($_POST) ) && $_POST !== $_POST ) {
$errors->add( ‘pass’, __( ‘You must enter the same password twice.’ ) );
// Unreachable: this elseif re-tests the very capability the enclosing if
// just required, so the "not allowed" message can never be produced here.
} elseif( !empty($_POST) && !bb_current_user_can( ‘change_user_password’, $user->ID ) ) {
$errors->add( ‘pass’, __( “You are not allowed to change this user’s password.” ) );
}
}
// If there are no errors then update the records
if ( !$errors->get_error_codes() ) {
do_action(‘before_profile_edited’, $user->ID);
//CHANGED – did we reset the email?
$changed_do_email_reset = false;
//ENDCHANGED
if ( bb_current_user_can( ‘edit_user’, $user->ID ) ) {
//CHANGED- if user updates email address – generate new password and email
// Remember the previous address so it can be notified after the write below.
// Loose != is acceptable here: both sides are strings by this point.
if ($user->user_email != $user_email) {
$changed_do_email_reset = true;
$changed_old_email = $user->user_email;
}
//ENDCHANGED
// All these are always set at this point
// SECURITY(review): the new address is committed here before anyone has proved
// they control it. The reset key mailed further down therefore goes to the
// address just saved, so an attacker with a hijacked session who swaps the
// email receives the reset link themselves; the owner's only signal is the
// courtesy mail to the old address. A stronger design keeps the old address
// until a link sent to the new one has been clicked.
bb_update_user( $user->ID, $user_email, $user_url, $display_name );
// Add user meta data
// display_name, ID and user_* fields live on the user row and were handled by
// bb_update_user() above; everything else is stored as usermeta.
foreach( $profile_info_keys as $key => $label ) {
if ( ‘display_name’ == $key || ‘ID’ == $key || strpos($key, ‘user_’) === 0 )
continue;
if ( $$key != ” || isset($user->$key) )
bb_update_usermeta( $user->ID, $key, $$key );
}
}
if ( bb_current_user_can( ‘edit_users’ ) ) {
// Only touch the role when it actually changes. $old_role is not assigned
// anywhere in this excerpt — presumably set earlier in the file; confirm.
if ( !array_key_exists($role, $user->capabilities) ) {
$user_obj->set_role($role); // Only support one role for now
// Blocking makes the stored hash unusable so the account cannot log in;
// unblocking is expected to restore it (see bb_fix_password — TODO confirm).
if ( ‘blocked’ == $role && ‘blocked’ != $old_role )
bb_break_password( $user->ID );
elseif ( ‘blocked’ != $role && ‘blocked’ == $old_role )
bb_fix_password( $user->ID );
}
foreach( $profile_admin_keys as $key => $label )
if ( $$key != ” || isset($user->$key) )
bb_update_usermeta( $user->ID, $key, $$key );
// Grant newly ticked capabilities and revoke unticked ones the user had.
foreach( $assignable_caps as $cap => $label ) {
if ( ( !$already = array_key_exists($cap, $user->capabilities) ) && $$cap) {
$user_obj->add_cap($cap);
} elseif ( !$$cap && $already ) {
$user_obj->remove_cap($cap);
}
}
}
//CHANGED – send confirmation emails, log them out
if ($changed_do_email_reset) {
// bb_reset_email() presumably mails a reset key to the user's current — i.e.
// the NEW — address. BUG(review): a failure is stored in $error but never
// reported, so the user can be locked out below with no reset mail ever sent.
$send_key_result = bb_reset_email( $user->user_login );
if ( is_wp_error( $send_key_result ) )
$error = $send_key_result->get_error_message();
// Courtesy notice to the previous address. Consider including the new address
// and a support contact so the real owner can react to a hijack.
if ($changed_old_email) {
$mail_result = bb_mail( $changed_old_email, bb_get_option(‘name’) . ‘: ‘ . __(‘Email Address Updated’), “Your email address has been updated and a confirmation message has been sent. Thanks!” );
if (!$mail_result) {
// BUG(review): the WP_Error is constructed and immediately discarded;
// nothing ever sees this failure.
new WP_Error(‘sending_mail_failed’, __(‘The email notifying an email address change could not be sent.’));
}
}
//kill their current session and break the password so they can’t log in until a reset.
// Only when the user edits their own profile: an admin changing someone else's
// address leaves that user's password and sessions intact. bb_clear_auth_cookie()
// only clears this browser's cookie; whether other open sessions die too depends
// on the auth cookie being derived from the now-broken hash — TODO confirm.
if ( bb_get_current_user_info( ‘ID’ ) == $user->ID ) {
changed_break_password( $user->ID );
bb_clear_auth_cookie();
}
//ENDCHANGED
// NOTE(review): because this is an else-if, a new password submitted in the
// same request as an email change is silently dropped.
} else if ( bb_current_user_can( ‘change_user_password’, $user->ID ) && !empty($_POST) ) {
// (key lost in the paste — presumably $_POST['pass1'])
$_POST = addslashes($_POST);
bb_update_user_password( $user->ID, $_POST );
// Re-issue the auth cookie so the editor's own session survives the change.
if ( bb_get_current_user_info( ‘ID’ ) == $user->ID ) {
bb_clear_auth_cookie();
bb_set_auth_cookie( $user->ID );
}
}
do_action(‘profile_edited’, $user->ID);
//CHANGED – lets fire off a message on the template page to explain what we did
// ?emailupdated=true lets the template explain the forced logout and reset.
if ($changed_do_email_reset) {
wp_redirect( add_query_arg( ’emailupdated’, ‘true’, get_user_profile_link( $user->ID ) ) );
//ENDCHANGED
} else {
wp_redirect( add_query_arg( ‘updated’, ‘true’, get_user_profile_link( $user->ID ) ) );
}
exit;
}
}
Then the two helper functions:
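/**
 * Tell whether $email is already attached to a user other than $id.
 *
 * Used on profile update so one address cannot belong to two accounts.
 * The lookup goes through $bbdb->prepare(), so $email is parameterised
 * and the caller does not need to escape it.
 *
 * @param string $email Address to check (the caller has already passed it
 *                      through is_email() — TODO confirm it is normalised).
 * @param int    $id    ID of the user being edited; their own row is ignored.
 * @return bool  true when another user owns $email; false otherwise,
 *               including when either argument is empty (the original
 *               returned an implicit null in that case).
 */
function changed_no_duplicate_email_update_user($email, $id) {
	$id = (int) $id;
	// Nothing to look up without both values; return an explicit bool.
	if ( !$email || !$id ) {
		return false;
	}
	global $bbdb;
	$owner = $bbdb->get_row( $bbdb->prepare(
		"SELECT ID FROM $bbdb->users WHERE user_email = %s AND ID <> %d",
		$email, $id
	) );
	return (bool) $owner;
}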
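/**
 * Make a user's stored password hash unusable until they complete a reset.
 *
 * A marker plus a short secret derived from bb_hash() is appended to
 * user_pass, so the stored value can no longer match any submitted
 * password. Completing the reset (bb_update_user_password()) overwrites the
 * column; bb_fix_password(), which the role-change code calls on unblock,
 * is expected to strip everything from the first '---' — TODO confirm.
 *
 * Fix: the original appended 'changed' . $secret but tested for '---' (the
 * forum rendered it as an em dash), so the "already broken" check never
 * matched and every call appended another suffix. The marker is now the
 * same '---' on both sides, which also keeps this in step with
 * bb_break_password() so the two never double-break a hash.
 *
 * @param int $user_id ID of the user to lock out.
 * @return bool|int false when the user does not exist; true when the hash
 *                  is already broken; otherwise the result of $bbdb->query().
 */
function changed_break_password( $user_id ) {
	global $bbdb;
	$user_id = (int) $user_id;
	$user = bb_get_user( $user_id );
	if ( !$user ) {
		return false;
	}
	// Already broken (by this function or by bb_break_password()): leave it.
	if ( false !== strpos( $user->user_pass, '---' ) ) {
		return true;
	}
	// Short secret so the appended suffix is not guessable from the marker alone.
	$secret = substr( bb_hash( 'changed_break_password' ), 0, 13 );
	return $bbdb->query( $bbdb->prepare(
		"UPDATE $bbdb->users SET user_pass = CONCAT(user_pass, '---changed', %s) WHERE ID = %d",
		$secret, $user_id
	) );
}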