Enviando o link redefinir senha, programaticamente

Eu tenho essa página criada manualmente:

$user_login = sanitize_text_field( $_GET['user_login'] ); if ( username_exists( $user_login ) || email_exists($user_login) ) { ?>        function submit() { var f = document.getElementById('lostpasswordform'); f.onclick = function () { }; document.lostpasswordform.submit(); }    <form name="lostpasswordform" id="lostpasswordform" action="" method="post"> <input type="hidden" name="user_login" id="user_login" class="input" value="" />     <?php echo "SUCCESS"; exit(); } else { echo "Entered Username or Email was incorrect, please try again!"; } 

… tudo parece certo, mas não funciona quando chamado a partir de um aplicativo, mas se eu visitar manualmente domain.com/forgot-password?user_login=username ele envia a multa de e-mail de reboot.

Solutions Collecting From Web of "Enviando o link redefinir senha, programaticamente"

Então, se você deseja enviar o link de redefinição de senha e você tiver access à base de código, você pode usar o seguinte trecho e você pode modificá-lo ainda mais, na verdade esse código é uma versão ligeiramente modificada do wp-login.php

 /** * Handles sending password retrieval email to user. * * @uses $wpdb WordPress Database object * @param string $user_login User Login or Email * @return bool true on success false on error */ function retrieve_password($user_login) { global $wpdb, $current_site; if ( empty( $user_login) ) { return false; } else if ( strpos( $user_login, '@' ) ) { $user_data = get_user_by( 'email', trim( $user_login ) ); if ( empty( $user_data ) ) return false; } else { $login = trim($user_login); $user_data = get_user_by('login', $login); } do_action('lostpassword_post'); if ( !$user_data ) return false; // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if ( ! $allow ) return false; else if ( is_wp_error($allow) ) return false; $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); if ( empty($key) ) { // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login)); } $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; $message .= network_home_url( '/' ) . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; $message .= '< ' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n"; if ( is_multisite() ) $blogname = $GLOBALS['current_site']->site_name; else // The blogname option is escaped with esc_html on the way into the database in sanitize_option // we want to reverse this for the plain text arena of emails. $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); $title = sprintf( __('[%s] Password Reset'), $blogname ); $title = apply_filters('retrieve_password_title', $title); $message = apply_filters('retrieve_password_message', $message, $key); if ( $message && !wp_mail($user_email, $title, $message) ) wp_die( __('The e-mail could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function...') ); return true; } $user_login = sanitize_text_field( $_GET['user_login'] ); if (retrieve_password($user_login)) { echo "SUCCESS"; } else { echo "ERROR"; }

A resposta anterior não funcionou para mim (diz que o código é inválido, na página de login do wp), provavelmente porque a resposta é de 1,5 anos de idade, e algo é alterado no código WP, então eu atualizei esse código um pouco (também de wp-login.php), aqui está:

 function retrieve_password($user_login){ global $wpdb, $wp_hasher; $user_login = sanitize_text_field($user_login); if ( empty( $user_login) ) { return false; } else if ( strpos( $user_login, '@' ) ) { $user_data = get_user_by( 'email', trim( $user_login ) ); if ( empty( $user_data ) ) return false; } else { $login = trim($user_login); $user_data = get_user_by('login', $login); } do_action('lostpassword_post'); if ( !$user_data ) return false; // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if ( ! $allow ) return false; else if ( is_wp_error($allow) ) return false; $key = wp_generate_password( 20, false ); do_action( 'retrieve_password_key', $user_login, $key ); if ( empty( $wp_hasher ) ) { require_once ABSPATH . 'wp-includes/class-phpass.php'; $wp_hasher = new PasswordHash( 8, true ); } $hashed = $wp_hasher->HashPassword( $key ); $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) ); $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; $message .= network_home_url( '/' ) . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; $message .= '< ' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n"; if ( is_multisite() ) $blogname = $GLOBALS['current_site']->site_name; else $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); $title = sprintf( __('[%s] Password Reset'), $blogname ); $title = apply_filters('retrieve_password_title', $title); $message = apply_filters('retrieve_password_message', $message, $key); if ( $message && !wp_mail($user_email, $title, $message) ) wp_die( __('The e-mail could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function...') ); echo '

Link for password reset has been emailed to you. Please check your email.

';; }

Notei que, depois de atualizar o WordPress para a Versão 4.3, o acima não funcionou para o meu plugin personalizado. Sempre informaria que a chave era inválida.

Mudança:

 $hashed = $wp_hasher->HashPassword( $key ); 

para

 $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); 

Isso corrigiu o problema para mim, espero que ajude alguém

WordPress 4.3.1

 function retrieve_password($user_login){ global $wpdb, $wp_hasher; $user_login = sanitize_text_field($user_login); if ( empty( $user_login) ) { return false; } else if ( strpos( $user_login, '@' ) ) { $user_data = get_user_by( 'email', trim( $user_login ) ); if ( empty( $user_data ) ) return false; } else { $login = trim($user_login); $user_data = get_user_by('login', $login); } do_action('lostpassword_post'); if ( !$user_data ) return false; // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if ( ! $allow ) return false; else if ( is_wp_error($allow) ) return false; $key = wp_generate_password( 20, false ); do_action( 'retrieve_password_key', $user_login, $key ); if ( empty( $wp_hasher ) ) { require_once ABSPATH . 'wp-includes/class-phpass.php'; $wp_hasher = new PasswordHash( 8, true ); } $hashed = $wp_hasher->HashPassword( $key ); $wpdb->update( $wpdb->users, array( 'user_activation_key' => time().":".$hashed ), array( 'user_login' => $user_login ) ); $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; $message .= network_home_url( '/' ) . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; $message .= '< ' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n"; if ( is_multisite() ) $blogname = $GLOBALS['current_site']->site_name; else $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); $title = sprintf( __('[%s] Password Reset'), $blogname ); $title = apply_filters('retrieve_password_title', $title); $message = apply_filters('retrieve_password_message', $message, $key); if ( $message && !wp_mail($user_email, $title, $message) ) wp_die( __('The e-mail could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function...') ); echo '

Link for password reset has been emailed to you. Please check your email.

';; }

Experimente isso

 $wpdb->update( $wpdb->users, array( 'user_activation_key' => $key ), array( 'user_login' => $user_login ) ); 

ao invés de

 $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) ); 

Funcionou-me (wordpress 4.3.1)

Nenhuma das respostas acima funcionou para mim, então eu olhei para o wp-login.php para sua funcionalidade de reboot padrão. Eles usaram a function get_password_reset_key ($ userData). Caso alguém tenha abordado as respostas acima, aqui está a minha solução:

  $userData = get_userdata($user_id); $user_login = $userData->user_login; $user_email = $userData->user_email; $key = get_password_reset_key( $userData ); $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; $message .= network_home_url( '/' ) . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; $message .= network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login');