Skip Navigation

[Resolved] CRED form question about server-side validation

This support ticket is created 2 years, 1 month ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 -
- 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 -

Supporter timezone: Asia/Karachi (GMT+05:00)

This topic contains 4 replies, has 2 voices.

Last updated by Saul Baizman 2 years, 1 month ago.

Assisted by: Waqar.

Author
Posts
#2474343

Hi there,

This is a follow-up question to one posted here:

https://toolset.com/forums/topic/questions-about-user-forms-cred-plugin/

I am creating a user form for logged in users to change their passwords. The form has three fields and a button:

enter current password: _______
enter new password: _______
enter new password again: _______
[submit button]

The Toolset CRED plugin natively handles input fields for the new password and verification. I am adding my own field for the current password. I've followed the instructions in the other forum posting about using the wp_check_password() function inside the "cred_form_validate" hook. What I'm unsure how to do is 1) return a failing status if the current password is incorrect, stopping the submission from proceeding, and 2) display an error message on the form when the page refreshes.

Can you offer any guidance? I can also include a snippet of code of what I attempted to do.

Saul

#2474695

Hi Saul,

Thank you for contacting us and I'd be happy to assist.

On my test website, I was able to use the "cred_form_validate" hook and the "wp_check_password" function together, by following these steps:

1. In a user form to edit the current user, I created a "password" type generic field, with the slug "current-password".

2. Next, I used the following custom function attached to the "cred_form_validate" hook, which sets the errors if the current password field is empty or if the entered password is not correct:


add_filter('cred_form_validate', 'validate_form_current_password');
function validate_form_current_password( $data ) {
	list($fields,$errors)=$data;
	// get the ID of the user being edited
	$user_id = $fields['_cred_cred_prefix_post_id']['value'];

	// empty check for the current password field
	if (empty($fields['current-password']['value'])) {
		$errors['current-password'] = 'Current password field cannot be empty!';
	} else {
		// if the current password field is not empty, get the user's details
		$user = get_user_by( 'ID', $user_id );
		// check if the user password matches
		if ( !($user && wp_check_password( $fields['current-password']['value'], $user->data->user_pass, $user_id )) ) {
			// if not, set this error
			$errors['current-password'] = 'Current password is not correct!';
		}
	}
	return array($fields,$errors);
}

I hope this helps and you can compare this code with the one that you have and make the adjustments, accordingly.

regards,
Waqar

#2474825
screenshot 2022-10-12 at 10.32.30.png

Waqar,

This is excellent! Thank you. So all I need to do is populate the $errors array accordingly, and the form submission will fail? Is that all it takes to halt the form?

Also, similar to another question in another thread, can I edit the error message for the field? I'm using a custom error message now, but it contains an ungainly "current-password:" prefix:

"current-password: The current password was not correct. The password has not been updated."

Can I remove that prefix? (I'd also like to change the "The user was not saved because of the following problem:" message above it. See the attached screenshot.)

Thank you.

Saul

#2475467

Glad my message helped.

> So all I need to do is populate the $errors array accordingly, and the form submission will fail? Is that all it takes to halt the form?

- Yes, your understanding is correct.

> Also, similar to another question in another thread, can I edit the error message for the field? I'm using a custom error message now, but it contains an ungainly "current-password:" prefix. Can I remove that prefix?

- I'm afraid, through the 'cred_form_validate', it is only possible to set the error message, but the prefix field slug, can't be removed. You'll need to use some custom CSS or JS code to manipulate/hide it.

#2475555

Sounds good. Thanks again, Waqar!

Saul