Merge pull request #1433 from sapayth/fix/reset_password

fix: reset password not working
weDevsOfficial · Feb 6, 2024 · e2257f1 · e2257f1
2 parents e43cc0c + 807902a
commit e2257f1
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 16 deletions.
diff --git a/includes/Free/Simple_Login.php b/includes/Free/Simple_Login.php
@@ -4,6 +4,8 @@
 
 use WeDevs\Wpuf\Render_Form;
 use WeDevs\Wpuf\WPUF_User;
+use WP_Error;
+use WP_User;
 
 /**
  * Login and forgot password handler class
@@ -157,7 +159,7 @@ public function validate_custom_fields( $user, $password ) {
         if ( $recaptcha === 'on' ) {
             if ( isset( $_REQUEST['g-recaptcha-response'] ) ) {
                 if ( empty( $_REQUEST['g-recaptcha-response'] ) ) {
-                    $user = new \WP_Error( 'WPUFLoginCaptchaError', 'Empty reCaptcha Field.' );
+                    $user = new WP_Error( 'WPUFLoginCaptchaError', 'Empty reCaptcha Field.' );
                 } else {
                     $no_captcha        = 1;
                     $invisible_captcha = 0;
@@ -359,6 +361,10 @@ public function login_form() {
                 case 'lostpassword':
                     $checkemail = isset( $getdata['checkemail'] ) ? sanitize_text_field( $getdata['checkemail'] ) : '';
 
+                    if ( $this->login_errors ) {
+                        wpuf_load_template( 'lost-pass-form.php', $args );
+                        break;
+                    }
                     if ( 'confirm' === $checkemail ) {
                         $this->messages[] = __( 'Check your e-mail for the confirmation link.', 'wp-user-frontend' );
                     }
@@ -425,7 +431,7 @@ public function process_login() {
             $pwd = isset( $_POST['pwd'] ) ? trim( $_POST['pwd'] ) : '';
             // $g_recaptcha_response = isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : '';
 
-            $validation_error = new \WP_Error();
+            $validation_error = new WP_Error();
             $validation_error = apply_filters( 'wpuf_process_login_errors', $validation_error, $log, $pwd );
 
             if ( $validation_error->get_error_code() ) {
@@ -623,8 +629,11 @@ public function process_reset_password() {
 
         // process lost password form
         if ( isset( $_POST['user_login'] ) && isset( $_POST['_wpnonce'] ) ) {
-            $nonce = sanitize_key( wp_unslash( $_POST['_wpnonce'] ) );
-            wp_verify_nonce( $nonce, 'wpuf_lost_pass' );
+            $nonce = ! empty( $_POST['_wpnonce'] ) ? sanitize_key( wp_unslash( $_POST['_wpnonce'] ) ) : '';
+
+            if ( ! empty( $nonce) && ! wp_verify_nonce( $nonce, 'wpuf_lost_pass' ) ) {
+                return ;
+            }
 
             if ( $this->retrieve_password() ) {
                 $url = add_query_arg(
@@ -655,8 +664,6 @@ public function process_reset_password() {
                 $args['key']   = $key;
                 $args['login'] = $login;
 
-                wp_verify_nonce( $nonce, 'wpuf_reset_pass' );
-
                 if ( empty( $pass1 ) || empty( $pass2 ) ) {
                     $this->login_errors[] = __( 'Please enter your password.', 'wp-user-frontend' );
 
@@ -669,7 +676,7 @@ public function process_reset_password() {
                     return;
                 }
 
-                $errors = new \WP_Error();
+                $errors = new WP_Error();
 
                 do_action( 'validate_password_reset', $errors, $user );
 
@@ -784,7 +791,7 @@ public function successfully_authenticate( $user, $username, $password ) {
         if ( ! is_wp_error( $user ) ) {
             if ( $user->ID ) {
                 $resend_link = add_query_arg( 'resend_activation', $user->ID, $this->get_login_url() );
-                $error       = new \WP_Error();
+                $error       = new WP_Error();
                 $wpuf_user   = new WPUF_User( $user->ID );
 
                 if ( ! $wpuf_user->is_verified() ) {
@@ -916,10 +923,10 @@ public function activation_user_registration() {
      *
      * @since 2.2
      *
-     * @return \WP_Error
+     * @return WP_Error
      */
     public function user_activation_message() {
-        return new \WP_Error( 'user-activated', __( 'Your account has been activated', 'wp-user-frontend' ), 'message' );
+        return new WP_Error( 'user-activated', __( 'Your account has been activated', 'wp-user-frontend' ), 'message' );
     }
 
     public function wp_login_page_redirect() {

diff --git a/templates/login-form.php b/templates/login-form.php
@@ -15,8 +15,10 @@
     }
     ?>
 
-    <?php wpuf()->frontend->simple_login->show_errors(); ?>
-    <?php wpuf()->frontend->simple_login->show_messages(); ?>
+    <?php
+        wpuf()->frontend->simple_login->show_errors();
+        wpuf()->frontend->simple_login->show_messages();
+    ?>
 
     <form name="loginform" class="wpuf-login-form" id="loginform" action="<?php echo esc_attr( $action_url ); ?>" method="post">
         <p>

diff --git a/templates/lost-pass-form.php b/templates/lost-pass-form.php
@@ -8,8 +8,10 @@
 ?>
 <div class="login" id="wpuf-login-form">
 
-	<?php Simple_Login::init()->show_errors(); ?>
-	<?php Simple_Login::init()->show_messages(); ?>
+    <?php
+        wpuf()->frontend->simple_login->show_errors();
+        wpuf()->frontend->simple_login->show_messages();
+    ?>
 
 	<form name="lostpasswordform" id="lostpasswordform" action="" method="post">
 		<p>

diff --git a/templates/reset-pass-form.php b/templates/reset-pass-form.php
@@ -7,8 +7,10 @@
 ?>
 <div class="login" id="wpuf-login-form">
 
-    <?php Simple_Login::init()->show_errors(); ?>
-    <?php Simple_Login::init()->show_messages(); ?>
+    <?php
+        wpuf()->frontend->simple_login->show_errors();
+        wpuf()->frontend->simple_login->show_messages();
+    ?>
 
     <form name="resetpasswordform" id="resetpasswordform" action="" method="post">
         <p>