Skip to:
Content
Pages
Categories
Search
Top
Bottom

Here is one for the techies

  • @henrywright-1

    Member

    When a member tries to change their password, the current password is required in order to proceed. A member would have already logged in with their username and password so I want to remove the requirement to enter their current password.

    How can I make the current password field no longer required on the general settings page?

Viewing 9 replies - 1 through 9 (of 9 total)
  • @henrywright-1

    Member

    Would this work? Remove this:

    && wp_check_password( $_POST[‘pwd’], $bp->displayed_user->userdata->user_pass, bp_displayed_user_id() )

    from bp-settings/bp-settings-actions.php

    I don’t really want to hack the core though.

    @modemlooper

    Moderator

    it’s a security check but if you must

    echo password into field and make field hidden.

    @henrywright-1

    Member

    Thanks but wouldn’t the password then be visible in the hidden input’s value attribute (visible via the page source)?

    @kizzywizzy

    Participant

    I doubt the password would be visible in the page source. Even if it is, no one will see it but the user him or herself, if they even think about randomly viewing the page source. Ordinary users dont view page sources, and as I stated before, I doubt the password would be visible in the source.

    @henrywright-1

    Member

    If you echo it to the value attribute of the hidden input then it would be visible in the source. This of course isn’t much of an issue as it would be the logged-in user only who could see it. Once logged out (or once they move to a different page) the value would be gone from possible view.

    Just got to work out how best to echo the password… perhaps @modemlooper can help point me in the right direction with that?

    @luccame

    Participant

    Hey guys!

    echo what? You do not have passwords of users to start with.

    @henrywright-1

    Member

    Hey Luccame. Good point. Of course the passwords won’t be available as they’ll be only computer readable. Any more suggestions on how I could make the current password field not required on the general settings page?

    @modemlooper

    Moderator

    You can get the password out of the db but it’s not safe.

    why the need, users rarely change a password?

    @henrywright-1

    Member

    The main reason is I am using the Twit Connect plugin which seems to be the only plugin which let’s a member register via Twitter that is compatible with BuddyPress. When a user  signs up their email isn’t captured as Twitter doesn’t make it available via their API. They also don’t have a password given to them but I assume BuddyPress creates one automatically for them. So if the user wants to log in in future they always have to use their Twitter to connect. There is no fall back on a username and password. My idea is to get them to add their email and password via general settings. But there is the problem of the current password requirement.

     

    Any ideas how I could best approach the problem?

     

     

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Here is one for the techies’ is closed to new replies.
Skip to toolbar