wordpress custom password reset page template
This tutorial will walk you through how to create a custom page template that will allow registered users to reset their password in case they forgot their current password.
After i wrote my tutorial named “Custom WordPress Login without using a plugin”, a lot of people asked me how to do the password reset in a custom way. But at that time i have not enough time to write and test it. So finally, i got some time to write this tutorial for you all.
This password reset will work in two steps. In the first step, we will create an activation key to reset the password and in the second step, we will validate the activation key and create a new password.
Create a new Page template
- <?php
- /*
- Template Name: Custom WordPress Password Reset
- */
- ?>
Create a new php file named password_reset.php or somename.php and put the above lines.
Overview of the Page Template
- <?php
- global $wpdb, $user_ID;
- wp_enqueue_script( 'jquery' );
-
- if (!$user_ID) { //block logged in users
- //Validation stuffs, Form stuffs, etc
- }
- else {
- //redirect logged in users to home page
- }
- ?>
The above lines are same like what we did for the custom login and custom registration page templates in the
previous tutorials. Those lines are to redirect the logged in users to homepage.
Showing the password reset form
Put inside the if condition, if (!$user_ID) { }
- <div id="content">
- <form id="wp_pass_reset" action="" method="post">
-
- <input type="hidden" name="action" value="tg_pwd_reset" />
- <input type="hidden" name="tg_pwd_nonce" value="<?php echo wp_create_nonce("tg_pwd_nonce"); ?>" />
- <input type="submit" id="submitbtn" name="submit" value="Reset" />
-
- </form>
- <script type="text/javascript">
- jQuery("#wp_pass_reset").submit(function() {
- var input_data = jQuery("#wp_pass_reset").serialize();
- jQuery.ajax({
- type: "POST",
- url: "'. get_permalink( $post->ID ).'",
- data: input_data,
- success: function(msg){
- jQuery(".loading").remove();
- jQuery("<div>").html(msg).appendTo("div#result").hide().fadeIn("slow");
- }
- });
- return false;
- });
- </script>
- </div>
So we are showing the password reset form only to users who are not logged in.
Get the permalink setting
- function tg_validate_url() {
- global $post;
- $page_url = esc_url(get_permalink( $post->ID ));
- if ($urlget === false) {
- $concate = "?";
- } else {
- $concate = "&";
- }
- return $page_url.$concate;
- }
The above function will help us to find the current permalink setting.
Validating the email and username
Now let’s write down the php validation part which will validate the email and username inputted by the user.
- if($_POST['action'] == "tg_pwd_reset"){
- if ( !wp_verify_nonce( $_POST['tg_pwd_nonce'], "tg_pwd_nonce")) {
- }
- echo'<span class="error">Please enter your Username or E-mail address</span>';
- }
- //We shall SQL escape the input
-
- $user_data = get_user_by_email($user_input);
- //the condition $user_data->caps[administrator] == 1 to prevent password change for admin users.
- //if you prefer to offer password change for admin users also, just delete that condition.
- echo'<span class="error">Invalid E-mail address!</span>';
- }
- }
- else {
- $user_data = get_userdatabylogin($user_input);
- //the condition $user_data->caps[administrator] == 1 to prevent password change for admin users.
- //if you prefer to offer password change for admin users also, just delete that condition.
- echo'<span class="error">Invalid Username!</span>';
- }
- }
-
- $user_login = $user_data->user_login;
- $user_email = $user_data->user_email;
-
- $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
- //generate reset key
- $key = wp_generate_password(20, false);
- }
-
- //emailing password change request details to the user
- $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
- $message .= get_option('siteurl') . "\r\n\r\n";
- $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
- $message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
- $message .= tg_validate_url() . "action=reset_pwd&key=$key&login=" . rawurlencode($user_login) . "\r\n";
- if ( $message && !wp_mail($user_email, 'Password Reset Request', $message) ) {
- echo "<div class='error'>Email failed to send for some unknown reason.</div>";
- }
- else echo '<div class='success'>We have just sent you an email with Password reset instructions.</div>';
-
- }
You can see that i am generating an activation key and sending an email to the user with the activation key. The user need to follow the reset link in the email to reset the password.
Also, i had written a condition to prevent password change for admin users for security.
Validating activation key and Password reset
So now we need to validate the activation key and username from the reset link.
- $reset_key = $_GET['key'];
- $user_login = $_GET['login'];
- $user_data = $wpdb->get_row($wpdb->prepare("SELECT ID, user_login, user_email FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $reset_key, $user_login));
- $user_login = $user_data->user_login;
- $user_email = $user_data->user_email;
- $new_password = wp_generate_password(7, false); //you can change the number 7 to whatever length needed for the new password
- wp_set_password( $new_password, $user_data->ID );
- //mailing the reset details to the user
- $message = __('Your new password for the account at:') . "\r\n\r\n";
- $message .= get_bloginfo('name') . "\r\n\r\n";
- $message .= __('You can now login with your new password at: ') . get_option('siteurl')."/login" . "\r\n\r\n";
-
- if ( $message && !wp_mail($user_email, 'Password Reset Request', $message) ) {
- echo "<div class='error'>Email failed to sent for some unknown reason</div>";
- }
- else {
- $redirect_to = get_bloginfo('url')."/login?action=reset_success";
- wp_safe_redirect($redirect_to);
- }
- }
-
- }
The above process will generate a random 7 chanracter length password and send it to the user.
After sending the email, the page will be redirected to our custom login page, in which you can show some message like “You password has been changed. Now you can login with your new password”.
- //This goes in to your custom login page template
- echo '<span class="success">You password has been changed. Now you can login with your new password</span>';
- }
Hope you like this tutorial. See you again with a new tutorial.
Hi,
I just created a page with your code but have no idea how to access it, I’m getting 404 errors when try to view it from the page edit screen. Am i missing something?
Thanks, first complete tutorial on the subject.
Well, I wasn’t thinking and was logged in, however clicking on the password reset link I’m getting the “Email failed to sent for some unknown reason” message.
Sorry, i forgot to initialize the $user_email variable. Now I updated the code. Thanks for testing my code.
Hey! There is an error in your code. If password is reset successfully then it’s not sending e-mail: “Email failed to sent for some unknown reason”.
I figured out that you can’t get an e-mail from this object.
$user_data = $wpdb->get_row($wpdb->prepare(“SELECT ID FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s”, $reset_key, $user_login));
You have to use get_user_by(‘login’,$user_login); to get an object with user’s e-mail. And then everything else works: reset success e-mail is sent.
It can! but i missed to select the user_email column in my query. The code has been updated.
Hi! I have got the same problem that Elba. Any solution?
The error is: Email failed to sent for some unknown reason.
The code has been updated. Source file also updated.
Thanks Kannan. Now, it works correctly!
Great post thank you for sharing with us.I am very thanks for such an great articles.This type of great resources and articles are very useful.Anything that improves usability has got to be a good thing right.
Thanks
Great tutorial. but i have a question. how can i get the user list in admin panel ? where user list show in admin panel?
Thanks Kannan, your code saves me a lot of time. Great stuff…
awesome tutorial. if possible please write more and more tutorials about wordpress.
get_user_by_email and get_userdatabylogin are all deprecated function and throws up errors use .
get_user_by(‘email’, $user_input) in place of get_user_by_email();
get_user_by(‘login’, $user_input) in place of get_userdatabylogin();
also the last bit of code is a bit confusing where exactly in the login template should this bit of code goes
//This goes in to your custom login page template
if(isset($_GET['action']) && $_GET['action'] == “reset_success”) {
echo ‘You password has been changed. Now you can login with your new password’;
}
functions work fine yet the page reloads in the content area completely with header, footer and all.
I got a page in the page in the page.
Any idea?
Works absolutely great – I must be blind didn’t see the download button (ah those users!) – so I want to compliment you for this great job!
Most shopping carts come with an Account button I wonder about that! Why would anybody click on My Account to reset a password – or sign up or login – especially those who do not have an account?
So you saved me a lot of time – and nerves!
Awesome tutorial. I have been banging my head for hours trying to get the password reset skinned.
great tutorial , thanks for sharing.
I got “Invalid Username!” when I enter a correct username, and got “Invalid Email Address!” when I enter a correct email address.
Is there anything to be fixed? or am I missing something?
btw, I use WP 3.5.
Great tutorial, This was absolutely what I needed. I’d love to see additional tutorials from you.
One question with this code. Is there a way to have the confirmation/error messages display without clearing the page first? Right now the echo resets the page and wipes away all of my styling.
Any guidance?
Resolved my own question and posted answer here:
http://www.tutorialstag.com/custom-wordpress-login-without-using-a-plugin.html/comment-page-1#comment-53966
Also get “Invalid Username” and “Invalid Email Address” – WP 3.51
one queation tho… how do i implement it … i just see a bunch of codes
please how do i implement this to a lost password link
and is the downloadable file the updated one
Today, while I was at work, my sister stole my iphone
and tested to see if it can survive a twenty five foot drop, just so she can be a youtube sensation.
My iPad is now destroyed and she has 83 views. I know this is completely off topic
but I had to share it with someone!
Is there a way of sending the actual password instead of generating a new one? Thanks. Great tutorials btw.
Thank you for the auspicious writeup. It in fact was a amusement account it.
Look advanced to more added agreeable from you!
By the way, how could we communicate?