I created a simple form so that my users can change their passwords, but there is a problem and I am confused! I tried a lot to change my password, but my password will not be changed by wp_set_password(), and I really do not know the reason.
```php
<?php /* Template Name: user-edit-password */ ?>
<?php
$user = wp_get_current_user();
$userID = $user->ID;
$has_error = false;
$has_success = false;
$message = array();
if( isset($_POST['karneta_pass_submit']) ){
    if( !isset($_POST['security']) || !wp_verify_nonce($_POST['security'],'edit-profile-password-nonce') ){
        print('do not damage that');
    } else {
        $currentpass = sanitize_text_field($_POST['karneta_currentpass']);
        $newpass = sanitize_text_field($_POST['karneta_newpass']);
        $repeatnewpass = sanitize_text_field($_POST['karneta_repeatnewpass']);
        if( wp_check_password($currentpass, $user->data->user_pass, $UserID) ){
            if( empty($currentpass) || empty($newpass) || empty($repeatnewpass) ){
                $has_error = true;
                $message[] = "fill all the fields";
            }
            elseif( $newpass !== $repeatnewpass ){
                $has_error = true;
                $message[] = "they are not the same";
            }
            else {
                wp_set_password($newpass,$UserID);
                $has_success = true;
                $message[] = "password changed successfully";
            }
        } else {
            $has_error = true;
            $message[] = "the old password is not correct";
        }
    }
}
?>
<div class="usereditprofile">
    <div class="usereditprofilediv">
        <div>
            <?php if( $has_error ){ ?>
                <div class="userprofile_message error">
                    <?php foreach ($message as $item) { ?>
                        <p><?php echo $item; ?></p>
                    <?php } ?>
                </div>
            <?php } ?>
            <?php if( $has_success ){ ?>
                <div class="userprofile_message success">
                    <?php foreach ($message as $sitem) { ?>
                        <p><?php echo $sitem; ?></p>
                    <?php } ?>
                </div>
            <?php } ?>
        </div>
        <form action="" method="post" class="usereditprofileform">
            <?php wp_nonce_field('edit-profile-password-nonce', 'security'); ?>
            <input type="password" placeholder="old password" value="" name="karneta_currentpass" required>
            <input type="password" placeholder="new password" value="" name="karneta_newpass" required>
            <input type="password" placeholder="repeat new password" value="" name="karneta_repeatnewpass" required>
            <input type="submit" value="change your pass" name="karneta_pass_submit">
        </form>
    </div>
</div>
```
asked Mar 26, 2020 at 21:38 by Sh.Dehnavi (edited Mar 26, 2020 at 23:03)
2 Answers
Nested if/else/elseifs are usually too complex for me to figure out.
I'd change your code to use SWITCH/CASE to determine proper input and to change the password if all is OK.
And to sanitize $_POST (and $_GET) inputs, I just put this in my functions file:
```php
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
```
Then I don't have to remember to sanitize things elsewhere.
I solved it myself. It is because of the user ID:

incorrect:

```php
wp_set_password($newpass,$UserID);
```

correct:

```php
wp_set_password($newpass, $user->ID);
```
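
A hardened version of the handler discussed in this thread, added here as an example and not code from the question or either answer. The function name `karneta_change_password()` and the `WP_Error` codes are hypothetical; it assumes WordPress is loaded and that it is called with `$_POST` before the template prints any output.

```php
<?php
// Added example. karneta_change_password() is a hypothetical helper name; it assumes
// WordPress is loaded and is called with $_POST before the template prints any output.
function karneta_change_password( array $post ) {
    $user = wp_get_current_user();
    if ( ! $user->exists() ) {               // ID 0 means nobody is logged in
        return new WP_Error( 'auth', 'you must be logged in' );
    }
    $nonce = ( isset( $post['security'] ) && is_string( $post['security'] ) ) ? $post['security'] : '';
    if ( ! wp_verify_nonce( $nonce, 'edit-profile-password-nonce' ) ) {
        return new WP_Error( 'nonce', 'invalid request' );
    }
    // Passwords are taken as submitted. sanitize_text_field() strips tags and
    // collapses whitespace, which would silently change the secret being stored.
    $in = array();
    foreach ( array( 'karneta_currentpass', 'karneta_newpass', 'karneta_repeatnewpass' ) as $key ) {
        $in[ $key ] = ( isset( $post[ $key ] ) && is_string( $post[ $key ] ) ) ? $post[ $key ] : '';
        if ( '' === $in[ $key ] ) {
            return new WP_Error( 'empty', 'fill all the fields' );
        }
    }
    if ( ! wp_check_password( $in['karneta_currentpass'], $user->user_pass, $user->ID ) ) {
        return new WP_Error( 'current', 'the old password is not correct' );
    }
    if ( ! hash_equals( $in['karneta_newpass'], $in['karneta_repeatnewpass'] ) ) {
        return new WP_Error( 'mismatch', 'they are not the same' );
    }
    // Always take the ID from the user object: PHP variable names are case-sensitive,
    // so $UserID is undefined (null) when only $userID was assigned.
    wp_set_password( $in['karneta_newpass'], $user->ID );
    // Report success only if the stored hash now verifies against the new password.
    $fresh = get_userdata( $user->ID );
    if ( ! $fresh || ! wp_check_password( $in['karneta_newpass'], $fresh->user_pass, $fresh->ID ) ) {
        return new WP_Error( 'write', 'password was not changed' );
    }
    // The login cookie is derived from the old hash and no longer validates; issue a new one.
    wp_set_auth_cookie( $user->ID );
    return true;
}
```

In the template, check the return value with `is_wp_error()` and escape the message with `esc_html()` before printing it.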