Get WordPress

Make WordPress Core

Changeset 58333

Timestamp:
06/04/2024 02:42:29 PM (2 months ago)
Author:
audrasjb
Message:

Login and Registration: Flush user_activation_key after successfully login.

This changeset ensures the user_activation_key is flushed after successful login, so reset password links can not be used anymore after the user successfully log into their dashboard.

Props nsinelnikov, rajinsharwar, Rahmohn, oglekler, hellofromTonya.
Fixes #58901.
See #32429

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/user.php

    r58261 r58333  
    111111
    112112    wp_set_auth_cookie( $user->ID, $credentials['remember'], $secure_cookie );
     113
     114
     115
     116
     117
     118
     119
     120
     121
     122
     123
     124
     125
     126
     127
     128
     129
     130
     131
     132
     133
     134
    113135    /**
    114136     * Fires after the user has successfully logged in.

  • trunk/tests/phpunit/tests/auth.php

    r57990 r58333  
    425425
    426426    /**
     427
     428
     429
     430
     431
     432
     433
     434
     435
     436
     437
     438
     439
     440
     441
     442
     443
     444
     445
     446
     447
     448
     449
     450
     451
    427452     * Ensure users can log in using both their username and their email address.
    428453     *
Note: See TracChangeset for help on using the changeset viewer.