0

I'm very new to php and the kind of guy how follows tutorials and try to do the best of each, but I'm having some trouble with a custom reset password form on WooCommerce...

I have follow all the steps given by @Polar on WooCommerce lost password form on another page answer. But I'm not able to get the reset password form, When I activate the debug mode I got the following error:

"PHP Notice: Undefined variable: _SESSION in …/wp-content/plugins/Lost-password/lost-passwords.php on line 54"

This is what is written on line 54:

unset( $_SESSION[ "csx-show-reset-form" ] );

I'm able to put the user email and actually receive the email for reseting the password, but when I follow the link, it shows me the "insert your email" page again.

This is the code I'm using:

<?php

/*
Plugin Name:  Lost Password
Version: 1.0
Description: Personalized Shortcode for recovering password.
Text Domain: FA-Lost-Password
*/

/**
* Crea el shortcode [lost_password_form] para el formulario de los password
*/
 
function wc_custom_lost_password_form( $atts ) {
    if ( !empty( $_COOKIE[ "csx-reset-link-set" ] ) && isset( $_COOKIE[ "csx-reset-link-set" ] ) && $_COOKIE[ "csx-reset-link-set" ] === "true" ) { // WPCS: input var ok, CSRF ok.
        return wc_get_template( 'myaccount/lost-password-confirmation.php' );
    } elseif ( !empty( $_SESSION[ "csx-show-reset-form" ] ) && isset( $_SESSION[ "csx-show-reset-form" ] ) && $_SESSION[ "csx-show-reset-form" ] === "true" ) {
        $rp_id = $_SESSION[ "csx-id" ];
        $rp_key = $_SESSION[ "csx-key" ];
        if ( isset( $_COOKIE[ 'wp-resetpass-' . COOKIEHASH ] ) && 0 < strpos( $_COOKIE[ 'wp-resetpass-' . COOKIEHASH ], ':' ) ) { // @codingStandardsIgnoreLine
            list( $rp_id, $rp_key ) = array_map( 'wc_clean', explode( ':', wp_unslash( $_COOKIE[ 'wp-resetpass-' . COOKIEHASH ] ), 2 ) ); // @codingStandardsIgnoreLine
            $userdata = get_userdata( absint( $rp_id ) );
            $rp_login = $userdata ? $userdata->user_login : '';
            $user = WC_Shortcode_My_Account::check_password_reset_key( $rp_key, $rp_login );

            // Reset key / login is correct, display reset password form with hidden key / login values.
            if ( is_object( $user ) ) {
                return wc_get_template(
                    'myaccount/form-reset-password.php',
                    array(
                        'key' => $rp_key,
                        'login' => $rp_login,
                    )
                );
            }
        }
    }

    // Show lost password form by default.
    return wc_get_template(
        'myaccount/form-lost-password.php',
        array(
            'form' => 'lost_password',
        )
    );
}
add_shortcode( 'lost_password_form', 'wc_custom_lost_password_form' );

//Handling query
function csx_process_query() {

    if ( isset( $_GET[ 'reset-link-sent' ] ) && $_GET[ 'reset-link-sent' ] === "true" ) {
        setcookie( 'csx-reset-link-set', "true", time() + ( 300 * 1 ), "/" ); //Allow to submit email for reset after 5 minutes only.
        unset( $_SESSION[ "csx-show-reset-form" ] );
    }

    if ( isset( $_GET[ 'show-reset-form' ] ) && $_GET[ 'show-reset-form' ] === "true" ||
        isset( $_GET[ 'key' ] ) && isset( $_GET[ 'id' ] ) ) {
        $_SESSION[ "csx-show-reset-form" ] = "true";
        setcookie( 'csx-reset-link-set', "", time() - 3600, "/" );
    }

    //Set session and cookie if key and id are existed
    if ( isset( $_GET[ 'key' ] ) && isset( $_GET[ 'id' ] ) ) {
        $_SESSION[ "csx-key" ] = $_GET[ 'key' ];
        $_SESSION[ "csx-id" ] = $_GET[ 'id' ];

        $value = sprintf( "%s:%s", wp_unslash( $_GET[ 'id' ] ), wp_unslash( $_GET[ 'key' ] ) );
        WC_Shortcode_My_Account::set_reset_password_cookie( $value );
    }

    //Unset session and cookie after successfully changed the password.
    if ( isset( $_GET[ 'new-password-created' ] ) && $_GET[ 'new-password-created' ] === "true" ) {
        setcookie( 'wp-resetpass-' . COOKIEHASH, "", time() - 3600 );
        unset( $_SESSION[ "csx-show-reset-form" ] );
        unset( $_SESSION[ "csx-reset-link-set" ] );
        unset( $_SESSION[ "csx-id" ] );
        unset( $_SESSION[ "csx-key" ] );
    }
}
add_action( 'init', 'csx_process_query' );

//Redirect to custom lost password on request
function csx_redirections() {
    if ( isset( $_GET[ 'reset-link-sent' ] ) || isset( $_GET[ 'show-reset-form' ] ) ||
        isset( $_GET[ 'key' ] ) && isset( $_GET[ 'id' ] ) ) {
        wp_redirect( home_url() . '/password' );
        exit;
    }
}
add_action( 'template_redirect', 'csx_redirections' );

/**
*  Redirecccionar al usuario cuando la contraseña fue cambiada exitosamente
*/

function woocommerce_new_pass_redirect( $user ) {
    wc_add_notice( __( '¡Su Contraseña ha sido actualizada correctamente!', 'woocommerce' ), 'success' );
    wp_redirect( home_url() . "/mi-cuenta/?new-password-created=true" );
    exit;
}
add_action( 'woocommerce_customer_reset_password', 'woocommerce_new_pass_redirect' );

I'll apreciate any help you can give me.

Thanks

LoicTheAztec
  • 229,944
  • 23
  • 356
  • 399
Nicolas Montero
  • 1
  • 1
    Have you called [session_start()](https://www.php.net/manual/en/function.session-start.php) before attempting to query or modify `$_SESSION`? – kmoser Oct 27 '20 at 18:38
  • Actually no, where should I do this? – Nicolas Montero Oct 27 '20 at 18:49
  • Anywhere before you attempt to call `session_start()` and before you output any HTML. So preferably as soon as possible near the top of the page. – kmoser Oct 28 '20 at 03:39

0 Answers0