Hi Julie,
Thanks for writing back.
> I agree a user edit form couldn't be used to reset the password if it had been forgotten but what if the user wanted to change their password and were logged in?
- Yes, for updating the password after logging in, users can use a Toolset user edit form as explained in the documentation:
https://toolset.com/documentation/user-guides/using-editing-forms-to-edit-your-profile/
Of course, you'll have to make sure that the custom password validation hook that you have attached to the user registration form, is also attached to this new edit form too.
> For the situation where the User has forgotten their password, the stackexchange post you've linked to is the one I've worked with but using the toolset shortcode. How do I replace this with the WordPress default password reset form?
- I apologize if my message resulted in confusion and I'll be happy to clarify this point.
1. By default, WordPress' lost password form is available at:
yourwebsite.com/wp-login.php?action=lostpassword
( screenshot: lien caché )
2. The link to reset the password that we get in the email leads to WordPress' default password reset form, at:
yourwebsite.com/wp-login.php?action=rp&key={................}&login={username}
( screenshot:lien caché )
Please note how these default forms are showing outside the theme's environment that is applied for the front-end.
3. If you'd like to show the lost password form and password reset form, within your website's front-end themed environment, you can create individual regular pages for them and then use "wpv-forgot-password-form" and "wpv-reset-password-form" shortcodes on them, respectively.
https://toolset.com/documentation/user-guides/views-shortcodes/#wpv-forgot-password-form
https://toolset.com/documentation/user-guides/views-shortcodes/#wpv-reset-password-form
Examples:
a). "Forgot Password" page:
yourwebsite.com/forgot-password/
Shortcode: [wpv-forgot-password-form]
Result screenshot: lien caché
b). "Reset Password" page:
yourwebsite.com/reset-password/
Shortcode: [wpv-reset-password-form]
Result screenshot: lien caché
4. You'll note that if you'll put a request to generate a new password, through the forgot password Toolset form at yourwebsite.com/forgot-password/, it will still generate a new password reset link in the email that will take to the default WordPress password reset form.
( as explained in point 2 )
5. If you'd like your users to get a link to generate a new password in the email that takes them to the custom reset password page ( as explained in point 3b - yourwebsite.com/reset-password/ ), then you'll need to include "reset_password_url" in your [wpv-forgot-password-form] shortcode at "Forgot Password" page:
[wpv-forgot-password-form reset_password_url="yourwebsite.com/reset-password/"]
As a result, now when a user will put a request to generate a new password through the form at yourwebsite.com/forgot-password/ the link in the email will look like this:
yourwebsite.com/reset-password/?action=rp&key={................}&login={username}
Now here is the catch. The function attached to the hook "validate_password_reset" works on the default WordPress reset password form ( point 2 ), but not on the custom Toolset password reset form ( point 3b ).
To summarize, if you'll not use a custom password reset form ( point 3b ), then the only way for users to request a new password would be through the default WordPress password reset form ( point 2 ), where custom validation function will be working.
( in other words, you should be skipping the step from point 5 )
Hope this explanation will help and let me know if any point is still not clear.
regards,
Waqar