[wp-trac] [WordPress Trac] #24783: user_activation_key is not hashed in the database
WordPress Trac
noreply at wordpress.org
Sat Aug 31 00:20:05 UTC 2013
#24783: user_activation_key is not hashed in the database
-------------------------+------------------
Reporter: harrym | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.7
Component: Users | Version: 3.6
Severity: normal | Resolution:
Keywords: has-patch |
-------------------------+------------------
Changes (by nacin):
* keywords: => has-patch
* milestone: Awaiting Review => 3.7
Comment:
[attachment:24783.diff] implements this. Works like a charm.
When someone tries to use an older, unhashed user_activation_key, it
changes the error message from "Sorry, that key does not appear to be
valid." to "Sorry, that key has expired. Please try again." — and it gives
you the form to immediately request a password reset email again.
This way, we don't annoyingly invalidate all existing keys without
providing any kind of feedback to a user that loses their password right
around the time of an update done by someone else. (Think, especially, a
big WP install.)
This will have major implications for BackPress-driven sites like bbPress
1.x (so, a lot of WordPress.org). '''Please do not commit''' until we
figure out this piece.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24783#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
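
An added illustration of the behaviour the comment describes (not WordPress code and not the contents of 24783.diff): only a hash of the reset key is stored, and a key that matches a pre-update, unhashed row gets the "expired" message instead of the "not valid" one. The function names, the choice of SHA-256 and the sample values are assumptions made for this example.

```php
<?php
// Added example; not WordPress core code. Assumption: SHA-256 over a
// high-entropy random key. The page does not say which hash the patch uses.

const MESSAGES = [
    'valid'   => null,
    'expired' => 'Sorry, that key has expired. Please try again.',
    'invalid' => 'Sorry, that key does not appear to be valid.',
];

// Create a reset key: 'plain' goes into the e-mail, only 'stored' is saved.
function issue_reset_key(): array
{
    $plain = bin2hex(random_bytes(20));
    return ['plain' => $plain, 'stored' => hash('sha256', $plain)];
}

// Compare the key from a reset link with the value in the database column.
// Returns 'valid', 'expired' (row predates hashing) or 'invalid'.
function check_reset_key(string $presented, string $stored): string
{
    if ($presented === '' || $stored === '') {
        return 'invalid';
    }
    // Normal path: the column holds the hash of the key that was e-mailed.
    if (hash_equals($stored, hash('sha256', $presented))) {
        return 'valid';
    }
    // Legacy path: the column equals the presented key, so it was written
    // before hashing. Refuse it, but let the user request a new e-mail.
    if (hash_equals($stored, $presented)) {
        return 'expired';
    }
    return 'invalid';
}

// Constructed sample data: one row written after the change, one before it.
$new    = issue_reset_key();
$legacy = 'Qx7fConstructedLegacyKey';

$cases = [
    'new key, hashed row'       => check_reset_key($new['plain'], $new['stored']),
    'old key, unhashed row'     => check_reset_key($legacy, $legacy),
    'stored hash replayed'      => check_reset_key($new['stored'], $new['stored']),
    'wrong key'                 => check_reset_key('guess', $new['stored']),
];
foreach ($cases as $label => $result) {
    printf("%-24s %-8s %s\n", $label, $result, MESSAGES[$result] ?? '(reset allowed)');
}
```

The "stored hash replayed" case shows why the column is hashed: a value read straight out of the database is never accepted as a working key.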