[wp-hackers] reset &send user pass

Jared Bangs jaredbangs at gmail.com
Fri Feb 26 15:50:44 UTC 2010

On Fri, Feb 26, 2010 at 4:55 AM, 24/7 <24-7 at gmx.net> wrote:
> @Jared: Do you have a link for your plugin? I couldn´t find it on the web.

Unfortunately I don't know if I still have it. I did it as part of a
project for someone else quite a while ago, and I don't think they
ever released it publicly.

>> If you (or your client, etc.) insists on going that route, you could
>> probably look through the code for the methods that need to be called,
>> etc., but sending them a link to the normal password reset process
>> would certainly be a lot less work and better in terms of security.
> I´m just trying to trigger what´s already in use and not just the
> "do you want to reset"-mail from wp-login.php - line 108-183.
> If i copy-paste the wp-login.php (line 185-234) code and populate
> it with the right values, i *should* be able to resend it. (So it should
> be of the same "security level" wp already provides with the way it
> behaves.) My problem is, that i don´t see how to send the mail
> (i think i´m routine-blinded or simply... stupid).

On the issue of sending the email, WP has some built-in functions for
sending emails that should be available to your plugin. Check the code
from some of the more popular plugins that deal with sending email
notifications for sample usage.

On the security front, I was slightly confused, in that I did not
think WP sent the password via email during the password reset
process, but now that I review it I can see that it does, so you are
correct; it basically should be no different than that.

More information about the wp-hackers mailing list