[wp-trac] Re: [WordPress Trac] #9682: Move wp-login.php function
definitions to pluggable.php
WordPress Trac
wp-trac at lists.automattic.com
Thu Apr 30 16:04:10 GMT 2009
#9682: Move wp-login.php function definitions to pluggable.php
--------------------------+-------------------------------------------------
Reporter: misterbisson | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 2.8
Component: Users | Version: 2.7.1
Severity: normal | Keywords: has-patch needs-testing 2nd-opinion
--------------------------+-------------------------------------------------
Comment(by Denis-de-Bernardy):
Replying to [comment:10 misterbisson]:
> The retrieve_password_key action only gets fired if the
user_activation_key in the users table is empty.
>
> The $key stored in the users table never expires (so far as I can tell).
>
> The $key stored in the users table will be re-used for future password
resets (as far as I can tell).
actually... it's unset in wp_set_password(). so that it only gets fired
once -- until used up. this is probably desirable, too, so as to avoid
getting repeated email if the form is the target of a robot.
that it doesn't expire is a potential issue, but it's going to trigger
such a debate in trac that it probably belongs in a separate ticket.
> The password_reset action happens after the $key has been validated
(preventing plugins from doing their own validation/expiration).
shouldn't this be the job of a separate action? that way you get to keep
the best of both worlds: if the user is sent an email by WP and an SMS,
the first would send him to ?action=rp&key=foo, and the second would send
him to ?action=smsrp&smskey=foo.
you'd generate smskey on the fly on do_action(retrieve_password) or
do_action(retrieve_password_key), whichever makes the most sense, and
proceed as needed from there.
you're correct on the has_filter. fixing this right away.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9682#comment:14>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list