I've been using a Wordpress tutorial to build a suitable login and pawords reset process as outlined here:
It worked super well until upgrade to Wordpress 4.3 in when the password reset stopped working and I now get an invalid key error message.
I have presumed that the mechanism has changed since the upgrade/ use of hashing/password expiration but cant seem to find any documentation. Does anyone know how to fix this, the password reset is outlined below:
/**
* Resets the user's password if the password reset form was submitted.
*/
public function do_password_reset() {
if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
$rp_key = $_REQUEST['rp_key'];
$rp_login = $_REQUEST['rp_login'];
$user = check_password_reset_key( $rp_key, $rp_login );
if ( ! $user || is_wp_error( $user ) ) {
if ( $user && $user->get_error_code() === 'expired_key' ) {
wp_redirect( home_url( 'member-login?login=expiredkey' ) );
} else {
wp_redirect( home_url( 'member-login?login=invalidkey' ) );
}
exit;
}
// Reset password
reset_password( $user, $_POST['pass1'] );
wp_redirect( home_url( 'member-login?password=changed' ) );
} else {
echo "Invalid request.";
}
exit;
}
}