
Re: Forcing Password Reset (not *don't want to*)

Sure… but be forewarned: I’m not familiar with PHP whatsoever, nor with the bbPress structure (so I’m sure I violated something). This is on 1.0. I’m not sure whether this can be made into a plug-in or not; I have yet to read up on how to create those and the filter/hook stuff.

(I have a small community, ~1000 when all is said and done – but some are savvy with Firebug and would just edit the form fields if they were disabled.)

profile-edit.php in the main root – every edit is labeled CHANGED:

// Instantiate the error object
$errors = new WP_Error;

// NOTE(review): this listing went through a forum renderer: quotes became
// typographic (‘ ’ “ ”) and array subscripts were dropped (strtolower($_SERVER),
// bb_fix_link( $_POST ), $_POST !== $_POST, addslashes($_POST) cannot be what was
// written). Read the bare $_SERVER/$_POST references below as the original
// $_SERVER[...]/$_POST[...] lookups; as shown the code is not runnable.
if ( ‘post’ == strtolower($_SERVER) ) {
    $_POST = stripslashes_deep( $_POST );

    // CSRF guard: the nonce is verified before anything below mutates state.
    bb_check_admin_referer( ‘edit-profile_’ . $user_id );

    // Fix the URL before sanitizing it
    $user_url = bb_fix_link( $_POST );

    // Sanitize the profile info keys and check for missing required data
    // $profile_info_keys (defined outside this excerpt) decides which POST fields
    // are read and which variable names ($$key) get created; $label[0] == 1 marks
    // a required field and $label[1] is its display name.
    foreach ( $profile_info_keys as $key => $label ) {
        $$key = apply_filters( ‘sanitize_profile_info’, $_POST[$key], $key, $_POST[$key] );
        if ( !$$key && $label[0] == 1 ) {
            $errors->add( $key, sprintf( __( ‘%s is required.’ ), esc_html( $label[1] ) ) );
            $$key = false;
        }
    }

    // Find out if we have a valid email address
    // Assignment inside the condition: $user_email becomes is_email()'s return
    // value (false when invalid), so later code sees a normalised address or false.
    if ( isset( $user_email ) && !$user_email = is_email( $user_email ) ) {
        $errors->add( ‘user_email’, __( ‘Invalid email address’ ), array( ‘data’ => $_POST ) );
    }

    //CHANGED – added for duplicate email check on profile update
    // Rejects an address already owned by a different user ID (see
    // changed_no_duplicate_email_update_user below). This also runs when
    // is_email() failed above; $user_email is then false and the helper
    // short-circuits.
    if (isset( $user_email )) {
        if(changed_no_duplicate_email_update_user($user_email, $user->ID)) {
            // NOTE(review): $bad_input is not read anywhere in this excerpt.
            $bad_input = true;
            // NOTE(review): $key is whatever the last iteration of the foreach
            // above left behind, not 'user_email', so this blanks an unrelated
            // profile field; $user_email = false is presumably what was meant.
            $$key = false;
            $errors->add( ‘user_email’, __( ‘Email address already in use’ ), array( ‘data’ => $_POST ) );
        }
    }
    //ENDCHANGED

    // Deal with errors for users who can edit others data
    if ( bb_current_user_can(‘edit_users’) ) {
        // If we are deleting just do it and redirect
        // (the delete flag is a $_POST field whose subscript was dropped in the
        // paste). Self-deletion is refused by the $bb_current_id != $user->ID check.
        if ( isset($_POST) && $_POST && $bb_current_id != $user->ID ) {
            bb_delete_user( $user->ID );
            wp_redirect( bb_get_uri(null, null, BB_URI_CONTEXT_HEADER) );
            exit;
        }

        // Get the user object
        $user_obj = new BP_User( $user->ID );

        // Store the new role (a $_POST field; subscript dropped in the paste)
        $role = $_POST;

        // Deal with errors with the role
        // Only roles registered in $wp_roles are accepted, and anything touching
        // the keymaster role needs the keep_gate capability.
        if ( !isset($wp_roles->role_objects[$role]) ) {
            $errors->add( ‘role’, __( ‘Invalid Role’ ) );
        } elseif ( !bb_current_user_can( ‘keep_gate’ ) && ( ‘keymaster’ == $role || ‘keymaster’ == $user_obj->roles[0] ) ) {
            $errors->add( ‘role’, __( ‘You are not the Gate Keeper.’ ) );
        } elseif ( ‘keymaster’ == $user_obj->roles[0] && ‘keymaster’ != $role && $bb_current_id == $user->ID ) {
            $errors->add( ‘role’, __( ‘You are Keymaster, so you may not demote yourself.’ ) );
        }

        // Sanitize the profile admin keys and check for missing required data
        foreach ( $profile_admin_keys as $key => $label ) {
            // Skip keys already populated by the profile-info loop above.
            if ( isset( $$key ) )
                continue;
            $$key = apply_filters( ‘sanitize_profile_admin’, $_POST[$key], $key, $_POST[$key] );
            if ( !$$key && $label[0] == 1 ) {
                $errors->add( $key, sprintf( __( ‘%s is required.’ ), esc_html( $label[1] ) ) );
                $$key = false;
            }
        }

        // Create variable for the requested roles
        // Each assignable capability becomes a 1/0 flag from its checkbox state.
        foreach ( $assignable_caps as $cap => $label ) {
            if ( isset($$cap) )
                continue;
            $$cap = ( isset($_POST[$cap]) && $_POST[$cap] ) ? 1 : 0;
        }
    }

    // Deal with errors generated from the password form
    // (the $_POST references are the two password fields, subscripts dropped in
    // the paste; the check is "both entries must match").
    if ( bb_current_user_can( ‘change_user_password’, $user->ID ) ) {
        if ( ( !empty($_POST) || !empty($_POST) ) && $_POST !== $_POST ) {
            $errors->add( ‘pass’, __( ‘You must enter the same password twice.’ ) );
        } elseif( !empty($_POST) && !bb_current_user_can( ‘change_user_password’, $user->ID ) ) {
            // NOTE(review): unreachable — the enclosing if has already
            // established that the current user can change this password.
            $errors->add( ‘pass’, __( “You are not allowed to change this user’s password.” ) );
        }
    }

    // If there are no errors then update the records
    if ( !$errors->get_error_codes() ) {
        do_action(‘before_profile_edited’, $user->ID);

        //CHANGED – did we reset the email?
        $changed_do_email_reset = false;
        //ENDCHANGED

        if ( bb_current_user_can( ‘edit_user’, $user->ID ) ) {
            //CHANGED- if user updates email address – generate new password and email
            // Remember the old address before bb_update_user() overwrites it; the
            // notification to the previous mailbox below needs it.
            if ($user->user_email != $user_email) {
                $changed_do_email_reset = true;
                $changed_old_email = $user->user_email;
            }
            //ENDCHANGED

            // All these are always set at this point
            bb_update_user( $user->ID, $user_email, $user_url, $display_name );

            // Add user meta data
            foreach( $profile_info_keys as $key => $label ) {
                // Core user columns were handled by bb_update_user(), not as meta.
                if ( ‘display_name’ == $key || ‘ID’ == $key || strpos($key, ‘user_’) === 0 )
                    continue;
                // (the empty-string literal is rendered as ” in the paste)
                if ( $$key != ” || isset($user->$key) )
                    bb_update_usermeta( $user->ID, $key, $$key );
            }
        }

        if ( bb_current_user_can( ‘edit_users’ ) ) {
            if ( !array_key_exists($role, $user->capabilities) ) {
                $user_obj->set_role($role); // Only support one role for now
                // Blocking makes the stored hash unverifiable; bb_fix_password()
                // presumably reverses that. $old_role is not assigned anywhere in
                // this excerpt — presumably set further up profile-edit.php; confirm.
                if ( ‘blocked’ == $role && ‘blocked’ != $old_role )
                    bb_break_password( $user->ID );
                elseif ( ‘blocked’ != $role && ‘blocked’ == $old_role )
                    bb_fix_password( $user->ID );
            }

            foreach( $profile_admin_keys as $key => $label )
                if ( $$key != ” || isset($user->$key) )
                    bb_update_usermeta( $user->ID, $key, $$key );

            // Grant ticked caps not yet held; revoke held caps that were unticked.
            // $already is assigned inside the first condition and reused in the second.
            foreach( $assignable_caps as $cap => $label ) {
                if ( ( !$already = array_key_exists($cap, $user->capabilities) ) && $$cap) {
                    $user_obj->add_cap($cap);
                } elseif ( !$$cap && $already ) {
                    $user_obj->remove_cap($cap);
                }
            }
        }

        //CHANGED – send confirmation emails, log them out
        // The address was already replaced by bb_update_user() above, so the reset
        // key presumably reaches the NEW mailbox (bb_reset_email() is keyed by login);
        // the old mailbox only gets an after-the-fact notice with no way to veto.
        // NOTE(review): if the edit was made from a hijacked session, the legitimate
        // owner is merely informed; asking for the current password, or sending a
        // confirmation link to the old address before switching, would close that gap.
        if ($changed_do_email_reset) {
            $send_key_result = bb_reset_email( $user->user_login );
            // NOTE(review): a failed send is only stored in $error, which nothing
            // reads, and the password is still broken below — the user would be
            // locked out without a reset key. Add it to $errors (or skip the break)
            // instead.
            if ( is_wp_error( $send_key_result ) )
                $error = $send_key_result->get_error_message();

            if ($changed_old_email) {
                $mail_result = bb_mail( $changed_old_email, bb_get_option(‘name’) . ‘: ‘ . __(‘Email Address Updated’), “Your email address has been updated and a confirmation message has been sent. Thanks!” );
                if (!$mail_result) {
                    // NOTE(review): this WP_Error is constructed and discarded; it
                    // should be $errors->add( … ) or logged, otherwise the failure
                    // is invisible.
                    new WP_Error(‘sending_mail_failed’, __(‘The email notifying an email address change could not be sent.’));
                }
            }

            //kill their current session and break the password so they can’t log in until a reset.
            // Only when editing one's own profile: an admin changing another user's
            // address leaves that user's password and existing sessions untouched.
            if ( bb_get_current_user_info( ‘ID’ ) == $user->ID ) {
                changed_break_password( $user->ID );
                bb_clear_auth_cookie();
            }
            //ENDCHANGED
        } else if ( bb_current_user_can( ‘change_user_password’, $user->ID ) && !empty($_POST) ) {
            // Password-change path (the $_POST references are the new-password field,
            // subscript dropped in the paste). Because this is the else branch of the
            // email-reset check, a password submitted together with a new email
            // address is silently ignored.
            $_POST = addslashes($_POST);
            bb_update_user_password( $user->ID, $_POST );
            // Re-issue the auth cookie so a user changing their own password stays
            // logged in.
            if ( bb_get_current_user_info( ‘ID’ ) == $user->ID ) {
                bb_clear_auth_cookie();
                bb_set_auth_cookie( $user->ID );
            }
        }

        do_action(‘profile_edited’, $user->ID);

        //CHANGED – lets fire off a message on the template page to explain what we did
        if ($changed_do_email_reset) {
            wp_redirect( add_query_arg( ’emailupdated’, ‘true’, get_user_profile_link( $user->ID ) ) );
        //ENDCHANGED
        } else {
            wp_redirect( add_query_arg( ‘updated’, ‘true’, get_user_profile_link( $user->ID ) ) );
        }
        exit;
    }
}

Then the two helper functions:

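/**
 * Tell whether $email is already used by a user other than $id.
 *
 * The lookup goes through $bbdb->prepare(), so $email is bound as a parameter
 * and never interpolated into the SQL. An empty $email or $id short-circuits
 * to false (the posted version fell off the end and returned null there, which
 * callers testing with === would not see as "no duplicate").
 *
 * @param string $email Address to check; the caller runs it through is_email() first.
 * @param int    $id    ID of the user being edited, excluded from the match.
 * @return bool True when another user owns the address.
 */
function changed_no_duplicate_email_update_user($email, $id) {
    if ( !$email || !$id ) {
        return false;
    }

    global $bbdb;

    $row = $bbdb->get_row( $bbdb->prepare(
        "SELECT ID FROM $bbdb->users WHERE user_email = %s AND ID <> %d ",
        $email,
        $id
    ) );

    return (bool) $row;
}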

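/**
 * Make the stored password hash unverifiable until the user completes a reset.
 *
 * Appends "---changed" plus a 13-character suffix to user_pass so no password
 * can verify against it. The "---" marker is the same string the idempotence
 * check below looks for, so a second call leaves the hash alone. The posted
 * version appended 'changed' without the marker (the marker shows as "—" in the
 * forum paste; three hyphens assumed), so the check never matched and every
 * call grew the hash further. The suffix comes from bb_hash() and is presumably
 * the same on every call for a given site — it is a tag, not a secret.
 *
 * @param int $user_id User whose password is to be broken.
 * @return bool|int False when the user does not exist, true when the hash is
 *                  already broken, otherwise the result of $bbdb->query().
 */
function changed_break_password( $user_id ) {
    global $bbdb;

    $user_id = (int) $user_id;
    $user = bb_get_user( $user_id );
    if ( !$user ) {
        return false;
    }

    // Already broken (by this helper, or by bb_break_password() if it uses the
    // same marker — confirm): nothing to do.
    if ( false !== strpos( $user->user_pass, '---' ) ) {
        return true;
    }

    $suffix = substr( bb_hash( 'changed_break_password' ), 0, 13 );

    return $bbdb->query( $bbdb->prepare(
        "UPDATE $bbdb->users SET user_pass = CONCAT(user_pass, '---changed', %s) WHERE ID = %d",
        $suffix,
        $user_id
    ) );
}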
