If wp_generate_password() was called with the third parameter $extra_special_chars = true a space might be part of the password: function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) { $chars=”abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789″; if ( $special_chars ) $chars .= ‘!@#$%^&*()’; if ( $extra_special_chars ) $chars .= ‘-_ []{}<>~`+=,.;:/?|’; $password = ”; for ( $i = … Read more
What about considering a specific template that tests to see if the user is logged in using something like: if ( is_user_logged_in() ) { // your code for logged in user } else { // your code for logged out user (e.g. a “you must be logged in” message) } You could go so far … Read more
WordPress sends an email to the admin’s email when a user resets their password. To get a notification when a user changes their password you could hook into the profile_update action which is fired when a user’s profile is updated. When the action is fired WordPress has already validated and updated the user’s details we … Read more
As of WordPress 4.4, the action lostpassword_post passes the $errors object: function wpse_185243_lastpassword_post( $errors ) { if ( ! $captcha_valid /* The result of your captcha */ ) { $errors->add( ‘invalid_captcha’, ‘<strong>ERROR:</strong> Try again sonny.’ ); } } add_action( ‘lostpassword_post’, ‘wpse_185243_lastpassword_post’ ); Pre 4.4 legacy answer Here’s the relevant code you’re referring to (retrieve_password() in … Read more
Yes, but you’ll need to hold the details of how a password maps to a post. So: store mappings somewhere, easiest as a hash/key-value pair (password->post_id) get password from field determine post_id, and construct the URL use wp_redirect() to redirect the user.
You want the filters… retrieve_password_message for the actual email content. Your hooked function will get the message as the first argument and the user’s reset key as the second. <?php add_filter(‘retrieve_password_message’, ‘wpse103299_reset_msg’, 10, 2); function wpse103299_reset_msg($message, $reset_key) { // … } retrieve_password_title for the the email subject. <?php add_filter(‘retrieve_password_title’, ‘wpse103299_reset_subject’); function wpse103299_reset_subject($subject) { // … … Read more
the given answers have good intentions. But are not good. There are more parameters to the filter function call, 4 to be exact. this worked for me for the message (i wanted to replace username with user email) note we have a multi site page. You might want to replace network_site_url with get_site_url() typically in … Read more
TL;TR? Spoiler alert – hover over the next blockquote to expose it. Building an archive that is easily filterable by the currently entered password is nothing that is easy and surely not elegant buildable. The solution involves a secondary query and a small plugin, but it works. All errors and wrong paths are shown as … Read more
You shouldn’t have to send them passwords. That’s a bad idea. Instead, make sure your web server has email setup properly and your user accounts have the correct email addresses. Then all you’ll have to do is send them the link to the Forgot Password link provided by WordPress by default. It looks like this: … Read more
Your example works correctly. You are checking if password hello matches hashed hello – which it naturally does. Hadn’t thought it through. Your example causes following issue: You check if hello matches md5 of hello (instead of hash from user’s profile). It does and then WP thinks this is correct, but outdated md5 hash – … Read more