发表新帖
发表新帖

php wordpress password change - logging me out!

前端 未结
关注
6 1176
栀梦
栀梦 2020-12-11 20:01

I\'m trying to build a simple wordpress password change script of my own (well, based on a plugin really) - the password is successfully changed - but it logs me out after t

相关标签:
6条回答
  • 眼角桃花
    2020-12-11 20:21

    Was linked here from another post, and wanted to give an updated solution to this problem, as some of these solutions (especially modifying wpdb->query directly) aren't best practice anymore.

    Update the user's password using wp_set_password(), and then log the user back in, using wp_signon().

    wp_signon will create the authentication cookie for you, as other users have suggested, but in a much more streamlined way. 

    function create_new_password_for_user($new_password){
    //Get the current user's details, while they're still signed in, in this scope.
     $current_user = wp_get_current_user();
     $current_user_id = $current_user->ID;
     $users_login = $current_user->user_email;

    //set their new password (this will trigger the logout)
    wp_set_password($new_password, $current_user_id);

    //setup the data to be passed on to wp_signon
    $user_data = array(
            'user_login'     => $users_login,
            'user_password'    => $new_password,
            'remember'        => false
        );

    // Sign them back in.
    $result = wp_signon( $user_data );

    if(is_wp_error($result)){
      //do something with an error, if there is one.
    }else{
      //do something with the successful change. 
    }
}
    0 讨论(0)
  • 情话喂你
    2020-12-11 20:30

    if you still look for an answer on this topic:, i found a solution!

    in short, after you update the password, clear the data and logout ( as you did)

    wp_cache_delete($user_ID,'users');
wp_cache_delete($user->user_login,'userlogins');
wp_logout();

    user is logged out now

    then

    do a 'redirect' to a new page to auto-login again Catch the call to this page via a add_action( 'wp', 'auto_login' ); (we must do this, before anything is send via 'headers')

    the auto_login function then can handle your request to auto login the given user.(via $_GET parameters)

    So when i redirect to the new page i pass on two parameters user_id (the user to login) a secret key (for security)

    $key =  password_hash('[some secret ]' . $user_id, PASSWORD_DEFAULT);

        wp_redirect( get_permalink( $to['fl_autologin'] ) . "/?p=" . urlencode( $key ) . "&z=" . $user_id );
        exit;

    then in the auto_login function i look for those two parameters decrypt the secret key to check if this is oke

                if ( $_GET['z'] && password_verify( '[some secret]' . $_GET['z'], urldecode( $_GET['p'] ) )) {

    if so, then login the given user

    $user    = get_user_by( 'id', $_GET['z'] );
            $user_id = $user->ID;
wp_set_current_user( $user_id, $user->user_login );
            wp_set_auth_cookie( $user_id );

            do_action( 'wp_login', $user->user_login );

    do some more security checks on this, like user_id must be valid etc if all oke, then you can redirect him to a home_page again

    hope this helps your issue

    0 讨论(0)
  • 猫巷女王i
    2020-12-11 20:33

    Actually this:

    if(!is_wp_error($update))
{
    wp_cache_delete($user_ID,'users');
    wp_cache_delete($user->user_login,'userlogins');
    wp_logout();
    if (wp_signon(array('user_login'=>$user->user_login,'user_password'=>$_POST['admin_pass1']),false)):
        wp_redirect(admin_url());
    endif;
    ob_start();
}

    means that if there are no errors the following functions will be executed. One of this functions is wp_logout() which will be always called if the conditional block is executed.

    If it's not what you want, then you want to consider replacing: 

    if(!is_wp_error($update))

    with:

    if(is_wp_error($update))
    0 讨论(0)
  • 暗喜
    2020-12-11 20:35

    You can try the below code. It won't log you out after changing the password.

    $userdata['ID'] = 1;
$userdata['user_pass'] = 'new_password';
wp_update_user( $userdata );

    Enjoy ;)

    0 讨论(0)
  • 长发绾君心
    2020-12-11 20:41

    After resetting password you have to set/reset cookies (http://codex.wordpress.org/Function_Reference/wp_set_auth_cookie)
    like this 

    $update = $wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET `user_pass` = %s WHERE `ID` = %d",array(wp_hash_password($_POST['admin_pass1']),$user_ID)));

if(!is_wp_error($update))
{
    wp_cache_delete($user_ID,'users');
    wp_cache_delete($user->user_login,'userlogins');
    wp_logout();
    if (wp_signon(array('user_login'=>$user->user_login,'user_password'=>$_POST['admin_pass1']),false)):
        wp_redirect(admin_url());
    endif;
    ob_start();
}else{
    wp_set_auth_cookie( $current_user_id, true);
}

    To reset the password you'd better use wordpress functions like wp_check_password and wp_set_password because of integration with other applications/plugins.

    0 讨论(0)
  • 后悔当初
    2020-12-11 20:44

    Make sure the code is run before the end of HTTP headers and the beginning of regular page content. You may not get any warning if you inadvertently wait too long in the page generation process. It'll all just fail silently and you'll be logged out mysteriously (even though wp_signon() returns a valid WP_User object).

    0 讨论(0)
 看不清?
提交回复
热议问题