Here is one for the techies

  • Henry
    Participant

    @henrywright-1

    When a member tries to change their password, the current password is required in order to proceed. A member would have already logged in with their username and password so I want to remove the requirement to enter their current password.

    How can I make the current password field no longer required on the general settings page?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Henry
    Participant

    @henrywright-1

    Would this work? Remove this:

    && wp_check_password( $_POST['pwd'], $bp->displayed_user->userdata->user_pass, bp_displayed_user_id() )

    from bp-settings/bp-settings-actions.php

    I don’t really want to hack the core though.

    @modemlooper
    Moderator

    @modemlooper

    it’s a security check but if you must

    echo password into field and make field hidden.

    Henry
    Participant

    @henrywright-1

    Thanks but wouldn’t the password then be visible in the hidden input’s value attribute (visible via the page source)?

    kizzywizzy
    Participant

    @kizzywizzy

    I doubt the password would be visible in the page source. Even if it is, no one will see it but the user him or herself, if they even think about randomly viewing the page source. Ordinary users don't view page sources, and as I stated before, I doubt the password would be visible in the source.

    Henry
    Participant

    @henrywright-1

    If you echo it to the value attribute of the hidden input then it would be visible in the source. This of course isn’t much of an issue as it would be the logged-in user only who could see it. Once logged out (or once they move to a different page) the value would be gone from possible view.

    Just got to work out how best to echo the password… perhaps @modemlooper can help point me in the right direction with that?

    luccame
    Participant

    @luccame

    Hey guys!

    echo what? You do not have passwords of users to start with.

    Henry
    Participant

    @henrywright-1

    Hey Luccame. Good point. Of course the passwords won’t be available as they’ll be only computer readable. Any more suggestions on how I could make the current password field not required on the general settings page?

    @modemlooper
    Moderator

    @modemlooper

    You can get the password out of the db but it’s not safe.

    why the need, users rarely change a password?

    Henry
    Participant

    @henrywright-1

    The main reason is I am using the Twit Connect plugin which seems to be the only plugin which lets a member register via Twitter that is compatible with BuddyPress. When a user signs up, their email isn’t captured as Twitter doesn’t make it available via their API. They also don’t have a password given to them but I assume BuddyPress creates one automatically for them. So if the user wants to log in in future they always have to use their Twitter to connect. There is no fall back on a username and password. My idea is to get them to add their email and password via general settings. But there is the problem of the current password requirement.

    Any ideas how I could best approach the problem?
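
An added example, not from this thread and not BuddyPress or Twit Connect code: one way to handle the situation in the last post without dropping the check for every member is to waive the current password only for accounts created through social sign-up that have never set one. The `hyp_` names and the meta key are hypothetical, and it assumes the sign-up code can call `hyp_mark_password_unset()`; everything else is core WordPress functions.

```php
<?php
// Added example. Names prefixed hyp_ and the meta key are hypothetical.
const HYP_NO_PASSWORD_FLAG = 'hyp_password_never_set';

// Assumption: the social sign-up code calls this right after creating the
// account, because the auto-generated password is unknown to the member.
function hyp_mark_password_unset( $user_id ) {
    update_user_meta( $user_id, HYP_NO_PASSWORD_FLAG, '1' );
}

// Change the logged-in member's password. The current password is skipped
// only while the "never set" flag is present; afterwards it is required again.
// Returns true on success or a WP_Error describing why the change was refused.
function hyp_change_password( $current, $new, $nonce ) {
    if ( ! is_user_logged_in() || ! wp_verify_nonce( $nonce, 'hyp_change_password' ) ) {
        return new WP_Error( 'hyp_forbidden', 'Not logged in or invalid request.' );
    }

    $user_id = get_current_user_id();
    $user    = get_userdata( $user_id );

    // The database holds only a hash ($user->user_pass), so the submitted
    // value can be verified against it but never echoed back into a form.
    $never_set = ( '1' === get_user_meta( $user_id, HYP_NO_PASSWORD_FLAG, true ) );
    if ( ! $never_set && ! wp_check_password( $current, $user->user_pass, $user_id ) ) {
        return new WP_Error( 'hyp_bad_password', 'Current password is incorrect.' );
    }

    if ( strlen( $new ) < 12 ) { // minimum length is an example value
        return new WP_Error( 'hyp_weak_password', 'New password is too short.' );
    }

    wp_set_password( $new, $user_id );                  // stores a new hash
    delete_user_meta( $user_id, HYP_NO_PASSWORD_FLAG ); // waiver is one-time
    return true;
}
```

`wp_set_password()` invalidates the member's existing login cookie, so the form handler should expect them to log in again with the new password.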

     

     
