I’ve this manually created web page:
$user_login = sanitize_text_field( $_GET['user_login'] );
if ( username_exists( $user_login ) || email_exists($user_login) ) { ?>
<!--Every part has been validated, proceed ....-->
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<title></title>
<script kind="textual content/javascript">
operate submit()
{
var f = doc.getElementById('lostpasswordform');
f.onclick = operate () { };
doc.lostpasswordform.submit();
}
</script>
</head>
<physique onload="submit()">
<type identify="lostpasswordform" id="lostpasswordform" motion="<?php echo esc_url( site_url( 'wp-login.php?motion=lostpassword', 'login_post' ) ); ?>" technique="put up">
<enter kind="hidden" identify="user_login" id="user_login" class="enter" worth="<?php echo ($user_login); ?>" />
<?php do_action('lost_password'); ?>
</type>
</physique>
</html>
<?php
echo "SUCCESS";
exit();
} else {
echo "Entered Username or Electronic mail was incorrect, please strive once more!";
}
… every little thing appears proper but it surely would not work when known as from an app, but when I manually go to area.com/forgot-password?user_login=username it does ship the reset go electronic mail superb.