Would this work? Remove this:
&& wp_check_password( $_POST[‘pwd’], $bp->displayed_user->userdata->user_pass, bp_displayed_user_id() )
from bp-settings/bp-settings-actions.php
I don’t really want to hack the core though.
it’s a security check but if you must
echo password into field and make field hidden.
Thanks but wouldn’t the password then be visible in the hidden input’s value attribute (visible via the page source)?
I doubt the password would be visible in the page source. Even if it is, no one will see it but the user him or herself, if they even think about randomly viewing the page source. Ordinary users dont view page sources, and as I stated before, I doubt the password would be visible in the source.
If you echo it to the value attribute of the hidden input then it would be visible in the source. This of course isn’t much of an issue as it would be the logged-in user only who could see it. Once logged out (or once they move to a different page) the value would be gone from possible view.
Just got to work out how best to echo the password… perhaps @modemlooper can help point me in the right direction with that?
Hey guys!
echo what? You do not have passwords of users to start with.
Hey Luccame. Good point. Of course the passwords won’t be available as they’ll be only computer readable. Any more suggestions on how I could make the current password field not required on the general settings page?
You can get the password out of the db but it’s not safe.
why the need, users rarely change a password?
The main reason is I am using the Twit Connect plugin which seems to be the only plugin which let’s a member register via Twitter that is compatible with BuddyPress. When a user signs up their email isn’t captured as Twitter doesn’t make it available via their API. They also don’t have a password given to them but I assume BuddyPress creates one automatically for them. So if the user wants to log in in future they always have to use their Twitter to connect. There is no fall back on a username and password. My idea is to get them to add their email and password via general settings. But there is the problem of the current password requirement.
Any ideas how I could best approach the problem?