wordpresswordpress-login

$user_login does not append to WP password reset link after key

I'm using HTML custom email templates for Wordpress notifications.

Every template works fine. For some reason, though - the password reset template (which works fine otherwise) will not append the user_login variable at the end of the password reset link - which is vital for the key to be valid. The link without the $user_login renders an "invalid key" error on the WP password reset page.

An example of the string in the link is below - note the missing login=username at the very end.

url/wp-login.php?redirect_to=url?action=rp&key=12345678910&login=http://url.com/wp-login.php?redirect_to=url?action=rp&key=12345678910&login=

Here is the code I'm using to modify the template. Does anyone know why this is happening - and if so, how I can fix it?

add_filter ('retrieve_password_message', 'custom_retrieve_password_message', 10, 2);
function custom_retrieve_password_message($content, $key) {
global $wpdb;
$user_login = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_activation_key = '$key'");
ob_start();
$email_subject = custom_retrieve_password_title();
include('email_header.php');
?>

<p>It looks like you need to reset your password for your account!</p>
<p>To reset your password, visit the following address, otherwise just ignore this email and nothing will happen.<p>
<a href="<?php echo wp_login_url("url") ?>?action=rp&key=<?php echo $key ?>&login=<?php echo $user_login ?>">Reset password</a> 

<?php
include('email_footer.php');
$message = ob_get_contents();
ob_end_clean();
return $message;
}
Solution

  • For anyone interested, this is another solution:

    add_filter ('retrieve_password_message', 'custom_retrieve_password_message', 10, 2);
function custom_retrieve_password_message($content, $key) {
global $wpdb;
if ( empty( $_POST['user_login'] ) ) {
     wp_die('<strong>ERROR</strong>: Enter a username or e-mail address.');
 } else if ( strpos( $_POST['user_login'], '@' ) ) {
     $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );
 }else if(!empty( $_POST['user_login'] )){
     $user_data = get_user_by('login', trim( $_POST['user_login']));
 }elseif ( empty( $user_data ) ){
     wp_die('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
 }
$user_login_name=$user_data->user_login;
ob_start();
$email_subject = 'Your password has been changed';
include('email_header.php');
?>
<p>It looks like you need to reset your password. <br/>To reset your password, <a href="<?php echo wp_login_url("url") ?>?action=rp&key=<?php echo $key ?>&login=<?php echo $user_login_name; ?>">click here</a>, otherwise just ignore this email and nothing will happen.<p>

<?php
include('email_footer.php');
$message = ob_get_contents();
ob_end_clean();
return $message;
}