• Resolved adamharms

    (@adamharms)


    In inc/core.php there is the action hook wpmem_pwd_change. Is it possible for you to add another action hook called something like wpmem_pre_pwd_change before the password is set, right above error checking?

    Something like this?

    
    if ( isset( $_POST['formsubmit'] ) ) {

        $is_error = false;

        $pass1 = wpmem_get( 'pass1', false ); //trim( $_POST['pass1'] );
        $pass2 = wpmem_get( 'pass2', false ); //trim( $_POST['pass2'] );

        do_action( 'wpmem_pre_pwd_change', $user_ID, $pass1, $pass2 );

        // Check for both fields being empty.
        $is_error = ( ! $pass1 && ! $pass2 ) ? "pwdchangempty" : $is_error;
    

    The reason for this is that I’d like to be able to force the user to enter their current password and validate it before changing to their new password.

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Chad Butler

    (@cbutlerjr)

    There’s already a filter that will do that – wpmem_pwd_change_error. This filter allows for custom validation. Just make sure that if $is_error already has a value, you return the $is_error value regardless of your custom validation.

    Thread Starter adamharms

    (@adamharms)

    Ah! Awesome! I don’t know how I missed that, sorry. Thanks for the awesome plugin and great support. All of these hooks and filters are a life saver.

    Thread Starter adamharms

    (@adamharms)

    Sorry to open this up again but I’m hoping you can help me with this filter. I’m going insane trying to figure out why it isn’t working. Here is my code –

    add_filter('wpmem_pwd_change_error', 'wp_members_validate_old_pass', 10, 3);

    function wp_members_validate_old_pass($is_error, $user_ID, $pass1) {

      if ( $is_error ) {

        // There is already an error
        return $is_error;

      } else {

        $current_password_input = wpmem_get('currentpass', false);
        $user = get_user_by( 'ID', $user_ID );
        $hashed_old_pass = $user->data->user_pass;

        if (wp_check_password( $current_password_input, $hashed_old_pass, $user_ID )) {

          // Entered current password DOES match
          $is_error = false;

          return $is_error;

        } else {

          // Entered current password DOESN'T match actual current password
          $is_error = "pwchangerr";

          return $is_error;

        }
      }

    }

    Everything seems to be working and the value “pwchangerr” is being returned with the filter to the $is_error variable. I checked by temporarily editing the inc/core.php file to log the variable when $is_error is confirmed to have a value after the filter.

    But nothing happens when the function returns “pwchangerr” or any other value, the page just refreshes. “pwchangerr” is the same value that is returned by the plugin when the passwords don’t match. What am I doing wrong?

    Thread Starter adamharms

    (@adamharms)

    I found this post on the wp member site and went ahead and purchased a year membership to access it – http://rocketgeek.com/tips-and-tricks/add-current-password-confirmation-to-change-password-form/ . I’ll send a message to premium support if I am having any more problems, thanks!

    Plugin Author Chad Butler

    (@cbutlerjr)

    Thanks for signing up and glad to have you as a premium support subscriber.

    Just for anyone who comes along later, the tutorial and set of code snippets at the support site linked above describe how to implement this process. So we were able to get a fully working version of confirming password in place.

    The primary issues with the code in this thread were that (1) it did have a typo in it (“pwchangerr” should have been “pwdchangerr”) and (2) it needed to also trigger a message for the user.

    Incidentally, for those not inclined to use custom code snippets, I am working on adding this process as a feature in either the Advanced Options extension or a new Security extension that is being worked on (it will replace the http://rocketgeek.com/plugins/wp-members/extensions/registration-blacklist-extension/ extension – essentially adding more security-oriented features such as enforcing strong passwords, password expiration, disallowing concurrent logins, etc). These extensions are available to support subscribers.
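A version of the thread's filter with the error tag spelled correctly and the check failing closed, as an added example that is not part of the original thread and is not the plugin author's tutorial code. It assumes the change-password form carries an extra field named `currentpass` and that the filter passes the three arguments the thread's snippet registers; the function name `my_validate_current_pass` is hypothetical.

```php
<?php
/**
 * Added example, not the plugin's own code.
 * Assumptions: a custom form field named "currentpass" exists, and the
 * wpmem_pwd_change_error filter passes $is_error, $user_ID and $pass1
 * as in the snippet posted in this thread.
 */
add_filter( 'wpmem_pwd_change_error', 'my_validate_current_pass', 10, 3 );

function my_validate_current_pass( $is_error, $user_ID, $pass1 ) {

	// Keep any error already set before this filter ran, as the
	// plugin author advises in this thread.
	if ( $is_error ) {
		return $is_error;
	}

	// Read the field the same way the plugin reads pass1 and pass2.
	$current = wpmem_get( 'currentpass', false );
	$user    = get_userdata( $user_ID );

	// Fail closed: a missing field, a non-string value (e.g. an array
	// posted as currentpass[]) or an unknown user counts as an error.
	if ( ! is_string( $current ) || '' === $current || ! $user ) {
		return 'pwdchangerr';
	}

	// Compare the submitted value against the stored password hash.
	if ( ! wp_check_password( $current, $user->user_pass, $user->ID ) ) {
		// Note the "d": the thread's snippet returned "pwchangerr".
		return 'pwdchangerr';
	}

	// Current password verified; leave the "no error" state untouched.
	return $is_error;
}
```

Per the plugin author's reply, a message for the user also has to be triggered; how that is done is not shown in this thread and is not covered by this example.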

  • The topic ‘Request: Action Hook before password change in inc/core.php’ is closed to new replies.