Hi, may be you can give me some guidance, I know this is custom code, but it has been requested in to your support team in the past.
I want to validate the user's saved password in the database before they can change it.
I am having a hard time setting the if statement that triggers the error.
Thank you.
/**
* CRED custom validation to prevent changing password without indicating current password
*/
add_filter( 'cred_form_validate', 'check_password_before_change' ,10,2);
function check_password_before_change( $error_fields, $form_data) {
$current_user = $_POST['user_login'];
$current_password = $_POST['old_pass'];
$user = get_current_user_id();
$form_ids = array( 99999 ); // Edit IDs of CRED forms
list( $fields,$errors ) = $error_fields;
if ( in_array($form_data['id'], $form_ids ) ) {
if ( $user && ! wp_check_password( $current_password, $user->data->user_pass, $user ) ) {
echo "<pre>".print_r($result,true)."</pre>";
$errors[ $current_password ] = 'wrong pass';
}
}
return array($fields,$errors);
};
Hello. Thank you for contacting the Toolset support.
Can you please share bit more details. At what point you want to validate the password?
- while creating the new user using Toolset form?
- or when you edit the user using Toolset form?
It is a user edit form, where user only edits the password - like a password change form. Which includes the following fields: old password, new password and repeat new password.
I want to make sure the old/current password matches the one saved in the database, before changing it to a new password.
Does that make sense?
Can you please share problem URL where I can see the password change form you added as well as access details.
*** Please make a FULL BACKUP of your database and website.***
I would also eventually need to request temporary access (WP-Admin and FTP) to your site. Preferably to a test site where the problem has been replicated if possible in order to be of better help and check if some configurations might need to be changed.
I have set the next reply to private which means only you and I have access to it.
I wonder why you install addon plugin to add "Code Snippet" as Toolset offers a place to add your "Custom Code" at:
=> Toolset => Settings => Custom Code
So, I've added the following code to "Custom Code" section offered by Toolset:
=> hidden link
add_filter( 'cred_form_validate', 'func_validate_length2', 10, 2 );
function func_validate_length2( $error_fields, $form_data ) {
global $current_user;
$current_password = $_POST['old_pass'];
$userdata = get_userdata($current_user->ID);
$result = wp_check_password($current_password, $userdata->data->user_pass, $userdata->ID);
$forms = array( 8088);
list($fields,$errors)=$error_fields;
if( in_array( $form_data['id'], $forms ) ){
if(!$result){
$errors['old_pass'] = __('Your current password do not match with existing password');
}
$p = isset($fields['user_pass']['value']) ? $fields['user_pass']['value'] : '';
if( strlen($p) < 6 ){
$errors['user_pass'] = __('Must include a minimum of 6 characters');
}
$nickname = isset($fields['nickname']['value']) ? $fields['nickname']['value'] : '';
if( strlen($nickname) < 4 ){
$errors['nickname'] = __('Must include a minimum of 4 characters');
}
}
return array( $fields, $errors );
}
My issue is resolved now. Thank you for your awesome support.
I agree with your question, I really have no need to use a different plugin, but I had added it before I started to use Toolset, also I believe Toolset is more secure as it creates a php file and code snippets saves the function to the database, which the latter is not good practice.
