php wordpress password change - logging me out!

Question

I\'m trying to build a simple wordpress password change script of my own (well, based on a plugin really) - the password is successfully changed - but it logs me out after t

Answer 1

if you still look for an answer on this topic:, i found a solution!

in short, after you update the password, clear the data and logout ( as you did)

wp_cache_delete($user_ID,'users');
wp_cache_delete($user->user_login,'userlogins');
wp_logout();

user is logged out now

then

do a 'redirect' to a new page to auto-login again Catch the call to this page via a add_action( 'wp', 'auto_login' ); (we must do this, before anything is send via 'headers')

the auto_login function then can handle your request to auto login the given user.(via $_GET parameters)

So when i redirect to the new page i pass on two parameters user_id (the user to login) a secret key (for security)

$key =  password_hash('[some secret ]' . $user_id, PASSWORD_DEFAULT);

        wp_redirect( get_permalink( $to['fl_autologin'] ) . "/?p=" . urlencode( $key ) . "&z=" . $user_id );
        exit;

then in the auto_login function i look for those two parameters decrypt the secret key to check if this is oke

            if ( $_GET['z'] && password_verify( '[some secret]' . $_GET['z'], urldecode( $_GET['p'] ) )) {

if so, then login the given user

$user    = get_user_by( 'id', $_GET['z'] );
            $user_id = $user->ID;
wp_set_current_user( $user_id, $user->user_login );
            wp_set_auth_cookie( $user_id );

            do_action( 'wp_login', $user->user_login );

do some more security checks on this, like user_id must be valid etc if all oke, then you can redirect him to a home_page again

hope this helps your issue