WordPress – Custom Change Password page

I’m trying to create a custom page for Change Password under Profile. When I store/update the new user password (already changed to a hash value), it will log out automatically. The new password can be used to log in again. Is there any way to update the user password without logging out afterward? I would like to avoid using a plugin… Below is my code:

<form method='post' action='changepassword'>
<div class='mypageMyDetailsBox'>
<span class='titleSub'>Password</span>
<table width='90%' align="center">
<tr>
<td width='40%'>Current Password</td>
<td width='60%'><input type='password' name='currentpassword' size='70'></td>
</tr>
<tr>
<td>New Password</td>
<td><input type='password' name='newpassword' size='70'></td>
</tr>
<tr>
<td>Confirm New Password</td>
<td><input type='password' name='confirmpassword' size='70'></td>
</tr>
</table>
</div>

<div align='center'>
<input type='submit' name='submit_update' value='Update' class='subUpt'>
</div>
</form>
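<?php
// Handle the change-password form submission.
if (isset($_POST['submit_update'])) {
    global $wpdb;

    $currentUserID   = get_current_user_id();
    $currentpassword = $_POST['currentpassword'];
    $newpassword     = $_POST['newpassword'];

    require_once ABSPATH . 'wp-includes/class-phpass.php';
    $wp_hasher = new PasswordHash( 8, true );

    $user_info = get_userdata($currentUserID);
    $user_pass = $user_info->user_pass;

    // Verify the current password against the stored hash.
    if ($wp_hasher->CheckPassword($currentpassword, $user_pass)) {
        $passhash = wp_hash_password($newpassword);
        // The new hash is written straight to the users table; the existing login cookie stops validating afterwards.
        $upd = $wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET user_pass = %s WHERE ID = %d LIMIT 1", $passhash, $currentUserID));
        if ($upd) {
            // Success
        }
    } else {
        // Password does not match
    }
}
?>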

Thank you in advance.

Answer

You should try using wp_set_password, instead of directly using WP_Query. While I haven’t tested it specifically, it should update the password and not require you to log out and log back in.

EDIT: The problem is the cookie becomes invalid. You’ll need to set/reset cookies using wp_set_auth_cookie. Try adding this:

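// $update, $user, $user_ID and $current_user_id are assumed to be set by the surrounding code.
if (!is_wp_error($update))
{
    // Drop cached copies of the user record.
    wp_cache_delete($user_ID, 'users');
    wp_cache_delete($user->user_login, 'userlogins');
    // End the old session and sign in again with the new password.
    wp_logout();
    // wp_signon() returns a WP_Error object on failure, so test it explicitly.
    $signon = wp_signon(array('user_login' => $user->user_login, 'user_password' => $_POST['admin_pass1']), false);
    if (!is_wp_error($signon)):
        wp_redirect(admin_url());
        exit; // wp_redirect() does not stop execution by itself
    endif;
    ob_start();
} else {
    wp_set_auth_cookie($current_user_id, true);
}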
User contributions licensed under: CC BY-SA
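
An added example, not part of the original question or answer: one way to combine wp_set_password with a fresh auth cookie so the user stays logged in, with a nonce check on the form post. The handler name, the nonce action and field (`my_change_password`, `my_pw_nonce`) and the `pw_error` / `pw_changed` query flags are hypothetical, and the form is assumed to also output `wp_nonce_field( 'my_change_password', 'my_pw_nonce' )`.

```php
<?php
// Added example. Hypothetical names: my_change_password_handler,
// the nonce action/field, and the pw_error / pw_changed query flags.
// Runs on 'init' so cookies are set before any page output is sent.
add_action( 'init', 'my_change_password_handler' );

function my_change_password_handler() {
    if ( ! isset( $_POST['submit_update'] ) || ! is_user_logged_in() ) {
        return;
    }

    // The nonce ties the POST to this user's session and blocks cross-site submissions.
    $nonce = isset( $_POST['my_pw_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['my_pw_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'my_change_password' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }

    // WordPress adds slashes to $_POST; strip them but do not otherwise alter passwords.
    $current = isset( $_POST['currentpassword'] ) ? wp_unslash( $_POST['currentpassword'] ) : '';
    $new     = isset( $_POST['newpassword'] ) ? wp_unslash( $_POST['newpassword'] ) : '';
    $confirm = isset( $_POST['confirmpassword'] ) ? wp_unslash( $_POST['confirmpassword'] ) : '';

    $user = wp_get_current_user();
    $back = wp_get_referer() ?: home_url( '/' );

    // Require a non-empty, confirmed new password and a correct current password.
    if ( '' === $new || $new !== $confirm
        || ! wp_check_password( $current, $user->user_pass, $user->ID ) ) {
        wp_safe_redirect( add_query_arg( 'pw_error', '1', $back ) );
        exit;
    }

    // Hashes and stores the new password; the current auth cookie stops validating.
    wp_set_password( $new, $user->ID );

    // Remove every stored session token, then issue a fresh cookie for this browser only.
    wp_destroy_all_sessions();
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );

    wp_safe_redirect( add_query_arg( 'pw_changed', '1', $back ) );
    exit;
}
```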