检查自定义登录表单上的用户名是否正确

时间：2011-04-13 作者：Pippin

我使用Jeff Star的教程创建了自己的自定义登录表单http://digwp.com/2010/12/login-register-password-code/. 它工作得很好，但我有一个问题。在重置密码表单上，如果有人输入的用户名不正确（因此无法验证），他们将被踢到默认的wp登录。php？操作=丢失密码并显示错误消息。

有没有办法重定向到我自己的错误页面？

谢谢

3 个回复

最合适的回答,由SO网友:Bainternet 整理而成

他在那篇教程（非常好的BTW）中发布的代码是指向内置“重置密码”模块的表单，该模块重定向到登录。php错误，但您可以更改该错误，并在原始的基础上构建自己的，并将其添加到模板页面，更改：

<form method="post" action="<?php echo site_url(\'wp-login.php?action=lostpassword\', \'login_post\') ?>" class="wp-user-form">
    <div class="username">
        <label for="user_login" class="hide"><?php _e(\'Username or Email\'); ?>: </label>
        <input type="text" name="user_login" value="" size="20" id="user_login" tabindex="1001" />
    </div>
    <div class="login_fields">
        <?php do_action(\'login_form\', \'resetpass\'); ?>
        <input type="submit" name="user-submit" value="<?php _e(\'Reset my password\'); ?>" class="user-submit" tabindex="1002" />
        <?php $reset = $_GET[\'reset\']; if($reset == true) { echo \'<p>A message will be sent to your email address.</p>\'; } ?>
        <input type="hidden" name="redirect_to" value="<?php echo $_SERVER[\'REQUEST_URI\']; ?>?reset=true" />
        <input type="hidden" name="user-cookie" value="1" />
    </div>
</form>

收件人：

<form method="post" action="<?php echo $_SERVER[\'REQUEST_URI\']; ?>" class="wp-user-form">
<div class="username">
    <label for="user_login" class="hide"><?php _e(\'Username or Email\'); ?>: </label>
    <input type="text" name="user_login" value="" size="20" id="user_login" tabindex="1001" />
</div>
<div class="login_fields">
    <?php do_action(\'login_form\', \'resetpass\'); ?>
    <input type="submit" name="user-submit" value="<?php _e(\'Reset my password\'); ?>" class="user-submit" tabindex="1002" />

    <?php
    if (isset($_POST[\'reset_pass\']))
    {
        global $wpdb;
        $username = trim($_POST[\'user_login\']);
        $user_exists = false;
        if (username_exists($username))
        {
            $user_exists = true;
            $user_data = get_userdatabylogin($username);
        } elseif (email_exists($username))
        {

            $user_exists = true;
            $user = get_user_by_email($username);
        } else
        {
            $error[] = \'<p>\' . __(\'Username or Email was not found, try again!\') . \'</p>\';
        }
        if ($user_exists)
        {
            $user_login = $user->user_login;
            $user_email = $user->user_email;
            // Generate something random for a password... md5\'ing current time with a rand salt
            $key = substr(md5(uniqid(microtime())), 0, 8);
            // Now insert the new pass md5\'d into the db
            $wpdb->query("UPDATE $wpdb->users SET user_activation_key = \'$key\' WHERE user_login = \'$user_login\'");
            //create email message
            $message = __(\'Someone has asked to reset the password for the following site and username.\') . "\\r\\n\\r\\n";
            $message .= get_option(\'siteurl\') . "\\r\\n\\r\\n";
            $message .= sprintf(__(\'Username: %s\'), $user_login) . "\\r\\n\\r\\n";
            $message .= __(\'To reset your password visit the following address, otherwise just ignore this email and nothing will happen.\') . "\\r\\n\\r\\n";
            $message .= get_option(\'siteurl\') . "/wp-login.php?action=rp&key=$key\\r\\n";
            //send email meassage
            if (FALSE == wp_mail($user_email, sprintf(__(\'[%s] Password Reset\'), get_option(\'blogname\')), $message))
            $error[] = \'<p>\' . __(\'The e-mail could not be sent.\') . "<br />\\n" . __(\'Possible reason: your host may have disabled the mail() function...\') . \'</p>\';
        }
        if (count($error) > 0)
        {
            foreach ($error as $e)
            {
                echo $e . \'<br/>\';
            }
        } else
        {
            echo \'<p>\' . __(\'A message will be sent to your email address.\') . \'</p>\';
        }
    }
    ?> 
    <input type="hidden" name="reset_pass" value="1" />
    <input type="hidden" name="user-cookie" value="1" />
</div>
</form>

SO网友:owise1

这里是@bainternet的代码的更新版本，语法错误已更正，@Val的建议和wp登录的密钥生成器。php 3.4.2：

global $wpdb;
$username = trim($_POST[\'user_login\']);
$user_exists = false;
// First check by username
if ( username_exists( $username ) ){
    $user_exists = true;
    $user = get_user_by(\'login\', $username);
}
// Then, by e-mail address
elseif( email_exists($username) ){
        $user_exists = true;
        $user = get_user_by_email($username);
}else{
    $error[] = \'<p>\'.__(\'Username or Email was not found, try again!\').\'</p>\';
}
if ($user_exists){
    $user_login = $user->user_login;
    $user_email = $user->user_email;

    $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
    if ( empty($key) ) {
        // Generate something random for a key...
        $key = wp_generate_password(20, false);
        do_action(\'retrieve_password_key\', $user_login, $key);
        // Now insert the new md5 key into the db
        $wpdb->update($wpdb->users, array(\'user_activation_key\' => $key), array(\'user_login\' => $user_login));
    }

    //create email message
    $message = __(\'Someone has asked to reset the password for the following site and username.\') . "\\r\\n\\r\\n";
    $message .= get_option(\'siteurl\') . "\\r\\n\\r\\n";
    $message .= sprintf(__(\'Username: %s\'), $user_login) . "\\r\\n\\r\\n";
    $message .= __(\'To reset your password visit the following address, otherwise just ignore this email and nothing will happen.\') . "\\r\\n\\r\\n";
    $message .= network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), \'login\') . "&redirect_to=".urlencode(get_option(\'siteurl\'))."\\r\\n";
    //send email meassage
    if (FALSE == wp_mail($user_email, sprintf(__(\'[%s] Password Reset\'), get_option(\'blogname\')), $message))
    $error[] = \'<p>\' . __(\'The e-mail could not be sent.\') . "<br />\\n" . __(\'Possible reason: your host may have disabled the mail() function...\') . \'</p>\';
}
if (count($error) > 0 ){
    foreach($error as $e){
                echo $e . "<br/>";
            }
}else{
    echo \'<p>\'.__(\'A message will be sent to your email address.\').\'</p>\'; 
}

SO网友:Mick

我仍然遇到重置密钥工作不正常的问题，电子邮件中的链接会将我重定向到标准密码重置页面，URL参数表示密钥有问题，因此我更密切地关注wp登录。php文件，并包含$wp\\u hasher对象，这修复了问题，并在电子邮件中重置了密码，现在可以正常工作了

if (($_SERVER[\'REQUEST_METHOD\'] === (string) \'POST\') && (isset($_POST[\'reset_pass\']))) {

// Acccess global properties
global $wpdb, $wp_hasher;


// Variables
$error_pass_reset = array();
$username         = (string) trim($_POST[\'user_login\']);
$user_exists      = (bool)   false;



// ---- USERNAME OR EMAIL EXISTS ---- //
if (username_exists($username)) {
    $user_exists = (bool)   true;
    $user        = (object) get_user_by(\'login\', $username);
} // end if

else if (email_exists($username)) {
    $user_exists = (bool)   true;
    $user        = (object) get_user_by(\'email\', $username);
} // end else if

else {
    $error_pass_reset[] = \'<p>Username or Email was not found, please try again.</p>\';
} // end else



// ---- USER EXISTS ---- //
if ($user_exists === (bool) true) {
    // Variables
    $user_login = (string) $user -> user_login;
    $user_email = (string) $user -> user_email;


    // Generate password reset key
if (empty($key)) {
    $key = (string) wp_generate_password(20, false);

    do_action(\'retrieve_password_key\', $user_login, $key);


    // Create the $wp_hasher object
    if (empty($wp_hasher)) {
        require_once(ABSPATH . WPINC . \'/class-phpass.php\');

        $wp_hasher = new PasswordHash(8, true);
    }

    // Reset key with hasher applied (MD5 has string output)
    $hashed = (string) time() . \':\' . $wp_hasher -> HashPassword($key);


    // Insert the new key into the database
    $wpdb -> update(
        $wpdb -> users,
        array(
            \'user_activation_key\' => $hashed
        ),
        array(
            \'user_login\' => $user_login
        )
    );
} // end if


    // Email message
    $message = (string)
    \'Someone requested that the password be reset for the following account:\' . "\\r\\n\\r\\n" .

    get_option(\'siteurl\') . "\\r\\n\\r\\n" .

    \'Username: \' . $user_login . "\\r\\n\\r\\n" .
    \'If this was a mistake, just ignore this email and nothing will happen.\' . "\\r\\n\\r\\n" .
    \'To reset your password, visit the following address:\' . "\\r\\n\\r\\n" .

    get_option(\'siteurl\') . \'/wp-login.php?action=rp&key=\' . $key . \'&login=\' . $user_login . "\\r\\n";


    // Send email
    if ((bool) false === wp_mail($user_email, get_option(\'blogname\') . \' Password Reset\', $message)) {
        $error_pass_reset[] = \'<p>The e-mail could not be sent at this time.</p>\' . "\\n";
    } // end if
} // end if


// Send the rest password email
do_action(\'login_form\', \'resetpass\');

} // end if (($_SERVER[\'REQUEST_METHOD\'] === (string) \'POST\') && (isset($_POST[\'reset_pass\'])))

结束

小码农CODE

检查自定义登录表单上的用户名是否正确

相关推荐

有没有办法重命名或隐藏wp-login.php？