[email protected]

Hi again,

I looked further into it. Had a peek into wp-login.php in WordPress 3.8.

In Sexy Login ajax.php I exchanged this code:

$key	= $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));

if ( empty($key) ) {
	// Generate something random for a key...
	$key = wp_generate_password(20, false);
	do_action('retrieve_password_key', $user_login, $key);
	// Now insert the new md5 key into the db
	$wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
}

With this code (from wp-login.php):

$key = wp_generate_password( 20, false );

/**
 * Fires when a password reset key is generated.
 *
 * @since 2.5.0
 *
 * @param string $user_login The username for the user.
 * @param string $key        The generated password reset key.
 */
do_action( 'retrieve_password_key', $user_login, $key );

// Now insert the key, hashed, into the DB.
if ( empty( $wp_hasher ) ) {
	require_once ABSPATH . 'wp-includes/class-phpass.php';
	$wp_hasher = new PasswordHash( 8, true );
}
$hashed = $wp_hasher->HashPassword( $key );
$wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );

Would appreciate your view on this code alteration…

Thanks!

Thanks a lot! ??

Hi,

Thanks for the quick reply. Under administration – options, I can only find “Allow anonymous users to post issues?”. This concerns issues only, am I right? So this one is unchecked. The user has to be logged in to post an issue, but my problem is that anyone can post a comment to a issue. Are there any setting related to that? Maybe I’m missing something…

Br

J?rgen