[wp-hackers] reset &send user pass

24/7 24-7 at gmx.net
Tue Mar 2 15:29:10 UTC 2010

So far i have only found a *lame* sollution to resend the wp_mail on a
per-user base: https://core.trac.wordpress.org/ticket/12461

I hope someone got an idea on how to reset the pass for the user without
resending the email with the "click this link to reset and resend pass"-link

- K.

-----Ursprüngliche Nachricht-----
Von: Jared Bangs [mailto:jaredbangs at gmail.com] 
Gesendet: Freitag, 26. Februar 2010 16:51
An: wp-hackers at lists.automattic.com
Betreff: Re: [wp-hackers] reset &send user pass

On Fri, Feb 26, 2010 at 4:55 AM, 24/7 <24-7 at gmx.net> wrote:
> @Jared: Do you have a link for your plugin? I couldn´t find it on the web.

Unfortunately I don't know if I still have it. I did it as part of a
project for someone else quite a while ago, and I don't think they
ever released it publicly.

>> If you (or your client, etc.) insists on going that route, you could
>> probably look through the code for the methods that need to be called,
>> etc., but sending them a link to the normal password reset process
>> would certainly be a lot less work and better in terms of security.
> I´m just trying to trigger what´s already in use and not just the
> "do you want to reset"-mail from wp-login.php - line 108-183.
> If i copy-paste the wp-login.php (line 185-234) code and populate
> it with the right values, i *should* be able to resend it. (So it should
> be of the same "security level" wp already provides with the way it
> behaves.) My problem is, that i don´t see how to send the mail
> (i think i´m routine-blinded or simply... stupid).

On the issue of sending the email, WP has some built-in functions for
sending emails that should be available to your plugin. Check the code
from some of the more popular plugins that deal with sending email
notifications for sample usage.

On the security front, I was slightly confused, in that I did not
think WP sent the password via email during the password reset
process, but now that I review it I can see that it does, so you are
correct; it basically should be no different than that.

More information about the wp-hackers mailing list