Reputation: 93
I'm trying to create a custom page for Change Password under Profile. When I store/update the new user password (already changed to a hash value), it logs out automatically. The new password can be used to log in again. Is there any way to update the user password without being logged out afterward? I would like to avoid using a plugin... Below is my code:
<form method='post' action='changepassword'>
<div class='mypageMyDetailsBox'>
<span class='titleSub'>Password</span>
<table width='90%' align="center">
<tr>
<td width='40%'>Current Password</td>
<td width='60%'><input type='password' name='currentpassword' size='70'></td>
</tr>
<tr>
<td>New Password</td>
<td><input type='password' name='newpassword' size='70'></td>
</tr>
<tr>
<td>Confirm New Password</td>
<td><input type='password' name='confirmpassword' size='70'></td>
</tr>
</table>
</div>
</div>
<div align='center'>
<input type='submit' name='submit_update' value='Update' class='subUpt'>
</div>
</form>
<?php
if (isset($_POST['submit_update'])) {
$currentpassword = $_POST['currentpassword'];
$newpassword = $_POST['newpassword'];
require_once ABSPATH . 'wp-includes/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
$user_info = get_userdata($currentUserID);
$user_pass = $user_info->user_pass;
if($wp_hasher->CheckPassword($currentpassword, $user_pass)) {
$passhash = wp_hash_password($newpassword);
$upd = $wpdb->query("UPDATE wp_users SET user_pass = '".$passhash."' WHERE ID = ".$currentUserID." LIMIT 1");
if ($upd) {
//Success
}
} else {
//Password not match
}
}
?>
Thank you in advance.
Upvotes: 2
Views: 12694
Reputation: 22271
A full change password custom page working on WordPress 5.5.1
This control:
<?php
global $wp;
// URL of the current page, used as the form's action.
$full_path = add_query_arg( $wp->query_vars, home_url( $wp->request ) );
// Initialise the flags so the template below also renders on a plain GET.
$password_changed_ok = false;
$invalid_password = false;
$passwords_dont_match = false;
$empty_new_pw = false;
if ( isset( $_POST['submit_update'] ) ) {
    $currentpassword = $_POST['currentpassword'];
    $newpassword = $_POST['newpassword'];
    $confirmpassword = $_POST['confirmpassword'];
    $empty_new_pw = empty( $newpassword ) || empty( $confirmpassword );
    $user = wp_get_current_user();
    // Strict comparison: with != PHP treats numeric strings such as '1e3' and '1000' as equal.
    $passwords_dont_match = ( $newpassword !== $confirmpassword );
    if ( $passwords_dont_match || $empty_new_pw ) {
        // empty on purpose: the form below prints the matching message
    } else if ( wp_check_password( $currentpassword, $user->user_pass, $user->ID ) ) {
        wp_set_password( $newpassword, $user->ID );
        // wp_update_user() hashes user_pass and re-issues the auth cookie
        // for the current user, which keeps the session alive.
        $userdata = array(
            'ID' => $user->ID,
            'user_pass' => $newpassword,
        );
        wp_update_user( $userdata );
        $password_changed_ok = true;
    } else {
        $invalid_password = true;
    }
}
?>
<form method='post' action='<?php echo esc_url( $full_path ); ?>'>
<div class='mypageMyDetailsBox'>
<?php if ($password_changed_ok): ?>
<span class='titleSub'>Password changed successfully!</span>
<?php else: ?>
<span class='titleSub'>Change password</span>
<?php endif ?>
<br/>
<table width='90%' align="center">
<tr>
<td width='40%'>Current password</td>
<td width='60%'><input type='password' name='currentpassword' size='70'>
<?php if ($invalid_password): ?>
Incorrect password
<?php endif ?>
</td>
</tr>
<tr>
<td>New Password</td>
<td><input type='password' name='newpassword' size='70'>
<?php if ($empty_new_pw): ?>
Enter a new password
<?php endif ?>
</td>
</tr>
<tr>
<td>Confirm New Password</td>
<td><input type='password' name='confirmpassword' size='70'>
<?php if ($passwords_dont_match): ?>
Passwords do not match
<?php endif ?>
<?php if ($empty_new_pw): ?>
Enter the new password again
<?php endif ?>
</td>
</tr>
</table>
</div>
</div>
<div align='center'>
<input type='submit' name='submit_update' value='Update' class='subUpt'>
</div>
</form>
Upvotes: 0
Reputation: 547
This wasn't working for me so I'm posting this for future reference:
wp_set_password($_POST['new_password'], $user_id);
$current_user = wp_signon(array('user_login' => $user_login, 'user_password' => $_POST['new_password']));
Upvotes: 1
Reputation: 1163
You should try using wp_set_password, instead of directly using WP_Query. While I haven't tested it specifically, it should update the password and not require you to log out and log back in.
EDIT: The problem is the cookie becomes invalid. You'll need to set/reset cookies using wp_set_auth_cookie. Try adding this:
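if ( ! is_wp_error( $update ) ) {
    wp_cache_delete( $user_ID, 'users' );
    wp_cache_delete( $user->user_login, 'userlogins' );
    wp_logout();
    // Sign in again with the new password so a fresh auth cookie is issued.
    // wp_signon() returns a WP_User or a WP_Error, and both are truthy, so test for the error.
    if ( ! is_wp_error( wp_signon( array( 'user_login' => $user->user_login, 'user_password' => $_POST['admin_pass1'] ), false ) ) ) :
        wp_redirect( admin_url() );
        exit; // stop here so the redirect takes effect
    endif;
    ob_start();
} else {
    wp_set_auth_cookie( $current_user_id, true );
}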
Upvotes: 1
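The cause named in the answer above (the auth cookie stops validating once the stored hash changes) handled in one place, as an added example that is not code from any of the posts: it verifies a nonce, checks the current password, stores the new one through the API and re-issues the cookie. The function name, the `example_change_password` nonce action (the form would need `wp_nonce_field( 'example_change_password' )`), the `example_pw_result` global and the choice of the `template_redirect` hook are assumptions; the field names are the ones used in the question's form.

```php
<?php
// Added example; the function name, nonce action and global are hypothetical.
// Returns true on success or a WP_Error naming the check that failed.
function example_change_own_password( array $post ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'not_logged_in', 'You must be logged in.' );
    }
    // CSRF check: assumes the form prints wp_nonce_field( 'example_change_password' ).
    if ( empty( $post['_wpnonce'] ) || ! wp_verify_nonce( $post['_wpnonce'], 'example_change_password' ) ) {
        return new WP_Error( 'bad_nonce', 'Form expired, please reload.' );
    }
    $current = isset( $post['currentpassword'] ) ? (string) $post['currentpassword'] : '';
    $new     = isset( $post['newpassword'] ) ? (string) $post['newpassword'] : '';
    $confirm = isset( $post['confirmpassword'] ) ? (string) $post['confirmpassword'] : '';
    // Strict comparison, so numeric-looking strings are not treated as equal.
    if ( '' === $new || $new !== $confirm ) {
        return new WP_Error( 'mismatch', 'New passwords are empty or do not match.' );
    }
    $user = wp_get_current_user();
    if ( ! wp_check_password( $current, $user->user_pass, $user->ID ) ) {
        return new WP_Error( 'wrong_password', 'Current password is incorrect.' );
    }
    // Store the new hash through the API instead of hand-built SQL.
    wp_set_password( $new, $user->ID );
    // The auth cookie is derived from part of the stored hash, so the old
    // cookie no longer validates. Issue a fresh one for this browser.
    wp_clear_auth_cookie();
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    return true;
}

// Run before the theme prints anything: cookies are sent as HTTP headers.
add_action( 'template_redirect', function () {
    if ( isset( $_POST['submit_update'] ) ) {
        $GLOBALS['example_pw_result'] = example_change_own_password( $_POST );
    }
} );
```

The page template can then read `$GLOBALS['example_pw_result']` and show either the success message or the text of the returned `WP_Error`.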