stackoom
  简体   繁体   中英

Wordpress - Custom Change Password page

 原文  2014-07-07 02:30:38       php/ wordpress

Question

I'm trying to create custom page for Change Password under Profile. When I store/update the new user password(already change to hash value), it will logout automatically. The new password can be use to login again. Is there any way to update user password without logout afterward? I would like to avoid using plugin...Below are my code:-

<form method='post' action='changepassword'>
<div class='mypageMyDetailsBox'>
<span class='titleSub'>Password</span>
<table width='90%' align="center">
<tr>
<td width='40%'>Current Password</td>
<td width='60%'><input type='text' name='currentpassword' size='70'></td>
</tr>
<tr>
<td>New Password</td>
<td><input type='text' name='newpassword' size='70'></td>
</tr>
<tr>
<td>Confirm New Password</td>
<td><input type='text' name='confirmpassword' size='70'></td>
</tr>
</table>
</div>

</div>
<div align='center'>
<input type='submit' name='submit_update' value='Update' class='subUpt'>
</div>
</form>
<?php 
if (isset($_POST['submit_update'])) {

$currentpassword = $_POST['currentpassword'];
$newpassword = $_POST['newpassword'];

require_once ABSPATH . 'wp-includes/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );

$user_info = get_userdata($currentUserID); 
$user_pass = $user_info->user_pass;

if($wp_hasher->CheckPassword($currentpassword, $user_pass)) {
    $passhash = wp_hash_password($newpassword);
    $upd = $wpdb->query("UPDATE wp_users SET user_pass = '".$passhash."' WHERE ID = ".$currentUserID." LIMIT 1");
    if ($upd) {        
        //Success
    }
} else {
    //Password not match 
}
}
?>

Thank you in advance.

3 answers

solution1
 1 ACCPTED  2014-07-07 03:13:16

You should try using wp_set_password , instead of directly using WP_Query. While I haven't tested it specifically, it should update the password and not require you to logout and log back in.

EDIT: The problem is the cookie becomes invalid. You'll need to set/reset cookies using wp_set_auth_cookie . Try adding this:

if(!is_wp_error($update))
{
    wp_cache_delete($user_ID,'users');
    wp_cache_delete($user->user_login,'userlogins');
    wp_logout();
    if (wp_signon(array('user_login'=>$user->user_login,'user_password'=>$_POST['admin_pass1']),false)):
        wp_redirect(admin_url());
    endif;
    ob_start();
}else{
    wp_set_auth_cookie( $current_user_id, true);
}

solution2
 1  2016-04-19 22:35:33

This wasn't working for me so I'm posting this for future reference:

wp_set_password($_POST['new_password'], $user_id);
$current_user = wp_signon(array('user_login' => $user_login, 'user_password' => $_POST['new_password']));

solution3
 0  2020-10-16 09:36:09

A full change password custom page working on wordpress 5.5.1

This control:

  • validates user input
  • provides basic messages about user input
  • changes the password
  • does not logout after changing the password
<?php 

global $wp;
$current_slug = add_query_arg( array(), $wp->request );
$full_path=add_query_arg( $wp->query_vars, home_url( $wp->request ) );


if (isset($_POST['submit_update'])) {

$currentpassword = $_POST['currentpassword'];
$newpassword = $_POST['newpassword'];
$confirmpassword = $_POST['confirmpassword'];
$empty_new_pw = empty($newpassword) || empty($confirmpassword);

require_once ABSPATH . 'wp-includes/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );

$user = wp_get_current_user();

$password_changed_ok = false;
$invalid_password = false;
$passwords_dont_match = ($newpassword != $confirmpassword);

//$newpasswordhash = wp_hash_password($currentpassword);

if ($passwords_dont_match || $empty_new_pw) {
  // empty on purpose
} else if ( wp_check_password( $currentpassword, $user->user_pass, $user->ID ) ) {
  wp_set_password($newpassword, $user->ID);

  $userid=$user->ID;

//  $user = wp_signon(array('user_login' => $user->user_login, 'user_password' => $newpassword));

  $userdata['ID'] = $userid; //user ID
  $userdata['user_pass'] = $newpassword;
  wp_update_user( $userdata );

  $password_changed_ok = true;
} else {
  $invalid_password = true;
}

}
?>



<form method='post' action='/<?php print("$full_path"); ?>'>
<div class='mypageMyDetailsBox'>

<?php if ($password_changed_ok): ?>
<span class='titleSub'>Hasło zmienione poprawnie!</span>
<?php else: ?>
<span class='titleSub'>Zmień hasło</span>
<?php endif ?>
<br/>
<table width='90%' align="center">
<tr>
<td width='40%'>Aktualne hasło</td>
<td width='60%'><input type='password' name='currentpassword' size='70'>
<?php if ($invalid_password): ?>
Niepoprawne hasło
<?php endif ?>
</td>
</tr>
<tr>
<td>New Password</td>
<td><input type='password' name='newpassword' size='70'>
<?php if ($empty_new_pw): ?>
Wpisz nowe hasło
<?php endif ?>
</td>
</tr>
<tr>
<td>Confirm New Password</td>
<td><input type='password' name='confirmpassword' size='70'>
<?php if ($passwords_dont_match): ?>
Hasła się nie zgadzają
<?php endif ?>
<?php if ($empty_new_pw): ?>
Wpisz nowe hasło powtórnie
<?php endif ?>
</td>
</tr>
</table>
</div>

</div>
<div align='center'>
<input type='submit' name='submit_update' value='Update' class='subUpt'>
</div>
</form>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question errors=invalidkey for a WordPress Custom Password recovery page Change the description of the forgot password page in WordPress Wordpress change URL parameter on custom page Change location of custom settings page in wordpress backend WordPress password reset in custom login page getting errors=invalidkey error How to make a custom template in WordPress work as a password protected page? WordPress : Password Protected Page Add my custom page id for dynamically page title change in wordpress Change page template to show Custom Post Type in Wordpress How to change the value of the input field of custom WordPress admin page?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM