Advanced (Developers)

Who this is for

This page is for developers and technical users who need to extend or customize the plugin beyond the standard settings. If you just want to use the plugin's basic features, you don't need this page.

What you'll find here:

• WordPress hooks (actions and filters)
• PHP functions for custom code
• Template override system details
• URL parameters and workflow
• Code examples for customization
• Security best practices

What you won't need:

• Most users can accomplish everything through Settings without code
• Template customization can be done by copying files (no PHP knowledge required)
• Email customization has a visual editor in Settings

---

Template override system

How it works

The plugin uses a three-tier template hierarchy to load form templates:

1. Child theme (highest priority): child-theme/somfrp-templates/*.php
2. Parent theme: theme/somfrp-templates/*.php
3. Plugin defaults (fallback): plugin/templates/*.php

Template files

Three template files control the password reset flow:

Template	Purpose	When displayed
lost_password_form.php	Initial form where user enters email/username	Stage 1: User visits reset page
lost_password_reset_form.php	Form where user enters new password	Stage 2: User clicks email link
lost_password_reset_complete.php	Success message with login link	Stage 3: Password changed successfully

Creating template overrides

To customize templates:

1. Create directory: your-theme/somfrp-templates/
2. Copy template from plugin's templates/ directory
3. Modify the copy in your theme
4. Plugin automatically uses your version

Example: Override the lost password form

# Copy from plugin to theme
cp wp-content/plugins/frontend-reset-password/templates/lost_password_form.php \
   wp-content/themes/your-theme/somfrp-templates/

Template functions

Use these functions to work with templates:

somfrp_get_template( $template_name )
Returns path to template file through hierarchy.

$template = somfrp_get_template( 'lost_password_form.php' );
include $template;

somfrp_get_templates()
Returns array of template directories in priority order.

$dirs = somfrp_get_templates();
// Returns: [child-theme/somfrp-templates/, theme/somfrp-templates/, plugin/templates/]

Template variables

Templates have access to these variables:

Lost password form:

• $form_title - Form heading text
• $form_text - Instruction text
• $button_text - Submit button label
• $errors - Array of error messages

Reset password form:

• $form_title - Form heading
• $form_text - Instructions
• $button_text - Submit button label
• $reset_url - Form action URL
• $errors - Error messages
• Password requirement settings

Completion page:

• $form_title - Success heading
• $form_text - Success message
• Login URL via som_get_login_url()

---

Actions (hooks)

Actions let you run custom code at specific points in the password reset flow.

Quick reference

Action	When it fires	Parameters	Use for
somfrp_before_form	Before form HTML	None	Add notices, tracking
somfrp_after_form	After form HTML	None	Add help text, links
somfrp_post_request	After POST received	$action	Logging, rate limiting
somfrp_lost_pass_action	After email validation	$user_info	Admin notifications
somfrp_reset_pass_action	After password validation	$user, $new_pass	Log changes, send emails
somfrp_verify_nonce_request	After nonce check	$action, $result	Security monitoring
lostpassword_post	WordPress core hook	$errors, $user_data	Custom validation
validate_password_reset	WordPress core hook	$errors, $user	Additional checks

Common examples

Add custom notice before form:

add_action( 'somfrp_before_form', 'add_security_notice' );
function add_security_notice() {
    echo '<div class="notice">For security, ensure your email is correct.</div>';
}

Log password reset attempts:

add_action( 'somfrp_post_request', 'log_reset_attempts' );
function log_reset_attempts( $action ) {
    error_log( sprintf(
        'Password reset: %s from IP: %s',
        $action,
        $_SERVER['REMOTE_ADDR']
    ) );
}

Send admin notification:

add_action( 'somfrp_lost_pass_action', 'notify_admin' );
function notify_admin( $user_info ) {
    wp_mail(
        get_option( 'admin_email' ),
        'Password Reset Request',
        "User $user_info requested password reset"
    );
}

Log successful password changes:

add_action( 'somfrp_reset_pass_action', 'log_password_change', 10, 2 );
function log_password_change( $user, $new_pass ) {
    // NEVER log the actual password!
    update_user_meta( $user->ID, 'last_password_reset', current_time( 'mysql' ) );
}

Hook priorities

• Priority 5: Run before plugin handlers (validation, security)
• Priority 10: Default (standard customizations, logging)
• Priority 15: Run after plugin handlers (cleanup, fallbacks)

---

Filters

Filters let you modify data before the plugin uses it.

Quick reference

Filter	What it modifies	Parameters	Use for
somfrp_retrieve_password_title	Email subject	$title, $user_login, $user_data	Custom subject lines
somfrp_retrieve_password_message	Email body	$message, $key, $user_login, $user_data	HTML emails, branding
somfrp_get_allowed_html_tags	Allowed HTML in emails	$allowed_tags	Enable more HTML tags
somfrp_get_templates	Template directory array	$templates	Add custom template locations
somfrp_get_template	Resolved template path	$template_path, $template_name, $templates	Conditional templates

Common examples

Customize email subject:

add_filter( 'somfrp_retrieve_password_title', 'custom_email_subject', 10, 3 );
function custom_email_subject( $title, $user_login, $user_data ) {
    return sprintf( '[%s] Reset Your Password', get_bloginfo( 'name' ) );
}

Create HTML email:

add_filter( 'somfrp_retrieve_password_message', 'html_email', 10, 4 );
function html_email( $message, $key, $user_login, $user_data ) {
    $reset_url = som_get_lost_password_url() . '?somresetpass=true&key=' . $key . '&uid=' . $user_data->ID;
    
    return '<html><body style="font-family: Arial;">
        <h2>Password Reset</h2>
        <p>Hello ' . esc_html( $user_login ) . ',</p>
        <p><a href="' . esc_url( $reset_url ) . '" style="background:#0073aa;color:#fff;padding:10px 20px;text-decoration:none;">Reset Password</a></p>
    </body></html>';
}

Allow more HTML tags in emails:

add_filter( 'somfrp_get_allowed_html_tags', 'expand_allowed_tags' );
function expand_allowed_tags( $allowed_tags ) {
    $allowed_tags['p'] = array();
    $allowed_tags['div'] = array( 'class' => array(), 'style' => array() );
    $allowed_tags['img'] = array( 'src' => array(), 'alt' => array() );
    $allowed_tags['h1'] = array();
    $allowed_tags['h2'] = array();
    return $allowed_tags;
}

Add custom template directory:

add_filter( 'somfrp_get_templates', 'add_custom_template_dir' );
function add_custom_template_dir( $templates ) {
    // Add at highest priority
    array_unshift( $templates, WP_CONTENT_DIR . '/custom-templates/password-reset/' );
    return $templates;
}

---

Helper functions

Public functions you can use in your code.

URL functions

som_get_login_url()
Returns WordPress login page URL.

$login_url = som_get_login_url();
echo '<a href="' . esc_url( $login_url ) . '">Sign In</a>';

som_get_register_url()
Returns WordPress registration page URL.

$register_url = som_get_register_url();
echo '<a href="' . esc_url( $register_url ) . '">Create Account</a>';

som_get_lost_password_url()
Returns custom password reset page URL (from plugin settings).

$reset_url = som_get_lost_password_url();
echo '<a href="' . esc_url( $reset_url ) . '">Forgot Password?</a>';

Validation functions

somfrp_is_post_request()
Checks if current request is POST.

if ( somfrp_is_post_request() ) {
    // Process form
}

somfrp_verify_nonce_request( $action, $query_arg )
Verifies WordPress nonce for security.

if ( ! somfrp_verify_nonce_request( 'somfrp_lost_pass', 'somfrp_nonce' ) ) {
    wp_die( 'Security check failed' );
}

Utility functions

somfrp_get_allowed_html_tags()
Returns array of allowed HTML tags for emails.

$allowed = somfrp_get_allowed_html_tags();
$safe_content = wp_kses( $user_input, $allowed );

---

URL parameters

The plugin uses URL parameters to manage the three-stage workflow.

Parameters reference

Parameter	Value	Stage	Purpose
somresetpass	'true'	2	Indicates user clicked email link
key	Hash string	2	Password reset key (expires in 24h)
uid	User ID	2	Identifies which user is resetting
som_password_reset	'true'	3	Indicates successful completion

URL examples

Stage 1 - Lost password form:

https://example.com/reset-password/

Stage 2 - Reset password form:

https://example.com/reset-password/?somresetpass=true&key=abc123&uid=45

Stage 3 - Completion:

https://example.com/reset-password/?som_password_reset=true

Building reset URLs

function build_reset_url( $key, $user_id ) {
    $base_url = som_get_lost_password_url();
    
    return add_query_arg(
        array(
            'somresetpass' => 'true',
            'key' => $key,
            'uid' => $user_id
        ),
        $base_url
    );
}

Validating parameters

function validate_reset_params() {
    if ( ! isset( $_GET['somresetpass'] ) || ! isset( $_GET['key'] ) || ! isset( $_GET['uid'] ) ) {
        return new WP_Error( 'missing_params', 'Required parameters missing' );
    }
    
    $key = sanitize_text_field( $_GET['key'] );
    $user_id = intval( $_GET['uid'] );
    
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return new WP_Error( 'invalid_user', 'User not found' );
    }
    
    $check = check_password_reset_key( $key, $user->user_login );
    if ( is_wp_error( $check ) ) {
        return $check;
    }
    
    return array( 'user' => $user, 'key' => $key );
}

---

CSS customization

Form selectors

Target these CSS classes to style forms:

/* Main form container */
.somfrp-form-container {
    max-width: 400px;
    margin: 0 auto;
}

/* Form title */
.somfrp-form-title {
    font-size: 24px;
    margin-bottom: 20px;
}

/* Input fields */
.somfrp-input {
    width: 100%;
    padding: 10px;
    margin-bottom: 15px;
}

/* Submit button */
.somfrp-submit-button {
    background: #0073aa;
    color: #fff;
    padding: 12px 24px;
    border: none;
}

/* Error messages */
.somfrp-error {
    color: #d63638;
    padding: 10px;
    background: #fcf0f1;
    border-left: 4px solid #d63638;
}

/* Success messages */
.somfrp-success {
    color: #00a32a;
    padding: 10px;
    background: #f0f6fc;
    border-left: 4px solid #00a32a;
}

/* Password requirements */
.somfrp-password-requirements {
    list-style: none;
    padding: 0;
}

.somfrp-requirement {
    padding: 5px 0;
}

.somfrp-requirement.met {
    color: #00a32a;
}

.somfrp-requirement.unmet {
    color: #d63638;
}

Adding custom CSS

Method 1: Theme stylesheet

/* Add to your theme's style.css */
.somfrp-form-container {
    /* Your custom styles */
}

Method 2: WordPress Customizer

/* Appearance > Customize > Additional CSS */
.somfrp-submit-button {
    background: #your-brand-color;
}

Method 3: Enqueue custom stylesheet

add_action( 'wp_enqueue_scripts', 'custom_reset_styles' );
function custom_reset_styles() {
    wp_enqueue_style(
        'custom-reset-password',
        get_stylesheet_directory_uri() . '/css/password-reset.css'
    );
}

---

Security best practices

Never log passwords

// WRONG - Never do this
add_action( 'somfrp_reset_pass_action', 'bad_logging', 10, 2 );
function bad_logging( $user, $new_pass ) {
    error_log( 'Password: ' . $new_pass ); // NEVER!
}

// CORRECT
add_action( 'somfrp_reset_pass_action', 'good_logging', 10, 2 );
function good_logging( $user, $new_pass ) {
    error_log( 'Password reset for user ID: ' . $user->ID );
}

Always sanitize input

// Sanitize URL parameters
$key = sanitize_text_field( $_GET['key'] );
$uid = intval( $_GET['uid'] );

// Sanitize form input
$email = sanitize_email( $_POST['user_email'] );
$username = sanitize_user( $_POST['user_login'] );

Always escape output

// Escape URLs
<a href="<?php echo esc_url( $reset_url ); ?>">Reset</a>

// Escape HTML
<p><?php echo esc_html( $user_login ); ?></p>

// Escape attributes
<input value="<?php echo esc_attr( $email ); ?>">

Verify nonces

if ( ! somfrp_verify_nonce_request( 'somfrp_lost_pass', 'somfrp_nonce' ) ) {
    wp_die( 'Security check failed' );
}

Validate reset keys

$user = check_password_reset_key( $key, $user_login );
if ( is_wp_error( $user ) ) {
    wp_die( 'Invalid or expired reset key' );
}

---

Complete integration example

Here's a complete example showing multiple customizations:

/**
 * Custom password reset enhancements
 * Add to your theme's functions.php
 */

// 1. Add custom notice before form
add_action( 'somfrp_before_form', 'add_custom_notice' );
function add_custom_notice() {
    echo '<div class="custom-notice">
        <p>For security, we recommend using a password manager.</p>
    </div>';
}

// 2. Log all reset requests
add_action( 'somfrp_post_request', 'log_reset_requests' );
function log_reset_requests( $action ) {
    $log = array(
        'action' => $action,
        'ip' => $_SERVER['REMOTE_ADDR'],
        'time' => current_time( 'mysql' )
    );
    update_option( 'password_reset_log', $log );
}

// 3. Send admin notification
add_action( 'somfrp_lost_pass_action', 'notify_admin_reset' );
function notify_admin_reset( $user_info ) {
    wp_mail(
        get_option( 'admin_email' ),
        'Password Reset Request',
        "User $user_info requested password reset"
    );
}

// 4. Customize email subject
add_filter( 'somfrp_retrieve_password_title', 'custom_email_subject', 10, 3 );
function custom_email_subject( $title, $user_login, $user_data ) {
    return sprintf( '[%s] Reset Your Password', get_bloginfo( 'name' ) );
}

// 5. Create branded HTML email
add_filter( 'somfrp_retrieve_password_message', 'branded_email', 10, 4 );
function branded_email( $message, $key, $user_login, $user_data ) {
    $reset_url = som_get_lost_password_url() . '?somresetpass=true&key=' . $key . '&uid=' . $user_data->ID;
    
    ob_start();
    ?>
    <html>
    <body style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto;">
        <div style="background: #0073aa; padding: 20px; text-align: center;">
            <h1 style="color: #fff; margin: 0;">Password Reset</h1>
        </div>
        <div style="padding: 20px;">
            <p>Hello <?php echo esc_html( $user_login ); ?>,</p>
            <p>We received a request to reset your password. Click the button below:</p>
            <p style="text-align: center;">
                <a href="<?php echo esc_url( $reset_url ); ?>" 
                   style="background: #0073aa; color: #fff; padding: 12px 24px; 
                          text-decoration: none; border-radius: 4px; display: inline-block;">
                    Reset Password
                </a>
            </p>
            <p style="color: #666; font-size: 14px;">
                If you didn't request this, you can safely ignore this email.
            </p>
        </div>
    </body>
    </html>
    <?php
    return ob_get_clean();
}

// 6. Log successful password changes
add_action( 'somfrp_reset_pass_action', 'log_password_change', 10, 2 );
function log_password_change( $user, $new_pass ) {
    update_user_meta( $user->ID, 'last_password_reset', current_time( 'mysql' ) );
    
    // Send confirmation email
    wp_mail(
        $user->user_email,
        'Password Changed',
        'Your password was successfully changed.'
    );
}

// 7. Add help text after form
add_action( 'somfrp_after_form', 'add_help_text' );
function add_help_text() {
    echo '<div class="help-text">
        <p>Need help? <a href="/contact">Contact support</a></p>
    </div>';
}

---

Plugin architecture

Request flow

1. User submits form → somfrp_post_request() receives POST
2. Checks somfrp_action field to determine which handler to call
3. Validation handler runs (e.g., somfrp_lost_pass_handler())
4. If valid, callback runs (e.g., somfrp_lost_pass_callback())
5. Template displays result

Handler chain

Lost password flow:

1. somfrp_lost_pass_handler() - Validates email/username
2. somfrp_lost_pass_callback() - Generates key, sends email

Reset password flow:

1. somfrp_reset_pass_handler() - Validates new password
2. somfrp_reset_pass_callback() - Updates password in database

File locations

Key files in the plugin:

• includes/somfrp-functions.php - All core functions and hooks
• templates/*.php - Default template files
• som-frontend-reset-password.php - Main plugin file

---

What's next

For basic users:

• Quick start - Get started in 15 minutes
• FAQ - Common questions
• Troubleshooting - Common issues and solutions

For customization:

• Template overrides - Customize form appearance
• Styling and CSS - Visual customization
• Email customization - Customize emails

For troubleshooting:

• Troubleshooting - Common issues and solutions
• Email not sending - Email delivery issues

---

Settings reference

Configure the plugin in Settings > Frontend Reset Password. Settings are organized into three tabs.

General settings

Configure page assignments, form text, email templates, and redirect behavior.

Key settings:

• Reset Password Page (required) - Select page containing [reset_password] shortcode
• Login Page - Where users go after password reset
• Form titles and messages - Customize all form text
• Email subject and body - Customize reset email content
• Success redirect pages - Control post-reset navigation
• Reset link text - Customize email link text

View detailed General settings →

Security settings

Enforce password requirements to ensure users create strong passwords.

Key settings:

• Minimum password length (default: 8 characters)
• Require lowercase letters
• Require uppercase letters
• Require numbers
• Require special characters

View detailed Security settings →

Design settings

Control visual elements and user interface features.

Key settings:

• Password visibility toggle (eye icon) - Allow users to show/hide password

View detailed Design settings →

Settings storage

Settings are stored in WordPress options table:

• somfrp_gen_settings - General settings array
• somfrp_security_settings - Security requirements array
• somfrp_design_settings - Design options array

Access programmatically:

$general = get_option( 'somfrp_gen_settings' );
$security = get_option( 'somfrp_security_settings' );
$design = get_option( 'somfrp_design_settings' );

---

Templates reference

The plugin uses three template files to render the password reset workflow.

The three templates

Template	Purpose	When displayed
lost_password_form.php	Initial form where user enters email/username	Stage 1: User visits reset page
lost_password_reset_form.php	Form where user enters new password	Stage 2: User clicks email link
lost_password_reset_complete.php	Success message with login link	Stage 3: Password changed successfully

Template selection logic

The plugin automatically selects templates based on URL parameters:

// Stage 2: Reset form (user clicked email link)
if ( isset( $_GET['somresetpass'] ) && $_GET['somresetpass'] === 'true' ) {
    return somfrp_get_template('reset-form');
}

// Stage 3: Completion (password was changed)
if ( isset( $_GET['som_password_reset'] ) && $_GET['som_password_reset'] === 'true' ) {
    return somfrp_get_template('form-complete');
}

// Stage 1: Request form (default)
return somfrp_get_template('lost-form');

Template file locations

Plugin defaults:

wp-content/plugins/frontend-reset-password/templates/
├── lost_password_form.php
├── lost_password_reset_form.php
└── lost_password_reset_complete.php

Theme overrides:

wp-content/themes/your-theme/somfrp-templates/
├── lost_password_form.php          (overrides plugin version)
├── lost_password_reset_form.php    (overrides plugin version)
└── lost_password_reset_complete.php (overrides plugin version)

View detailed template documentation →

---

Customization reference

Multiple customization layers are available to match your site's branding.

Customization layers

1. Settings-based customization (easiest, no code required)

• Form text and messages
• Email subject and body
• Password security requirements
• Page assignments
• Password visibility toggle

2. Template overrides (control form HTML structure)

• Form layout and structure
• Field arrangement
• Additional form elements
• Custom HTML and markup

3. CSS styling (visual design)

• Colors and typography
• Spacing and layout
• Button styles
• Message appearance
• Validation feedback display

4. Email customization (using filters)

• Email subject line
• Email body content (HTML supported)
• Sender name and address
• Reset link text

5. Translations (multi-language support)

• Form labels and messages
• Button text
• Error messages
• Email content

Common customization scenarios

Match site branding:

1. Use CSS to match colors, fonts, and spacing
2. Customize form text in General settings
3. Override templates if needed for layout changes

Integrate with design system:

1. Create template overrides with your framework's HTML structure
2. Apply your framework's CSS classes
3. Add custom JavaScript if needed

Custom email branding:

1. Customize email content in General settings
2. Use email customization filters for advanced HTML templates
3. Set custom sender name and address

Multi-language site:

1. Create translation files for each language
2. Use WordPress language switcher or WPML/Polylang
3. Customize email content per language using filters

View detailed customization guides →

---

What's next

For basic users:

• Quick start tutorial - Set up in 15 minutes
• Settings documentation - Configure the plugin
• Troubleshooting - Resolve common issues

For developers:

• Review the hooks, filters, and functions above
• Check out the complete integration example
• Explore template override system details

Need help?

• FAQ - Common questions answered
• Resources - Support channels and learning materials