I have change password at front-end and i m using wp_user_update function,but when user change password it have been log out. the problem is that my old cookies is not updated,so how to update password without log out.have any idea?..
global $wpdb, $current_user;
$user_id = $current_user->ID;
wp_update_user(array('ID'=>$user_id,'user_pass'=>$_POST['user_pass']));
The answer by Aaron Forgue at the WordPress Support is 3 years old, but might be interesting. I had to change the $wpdb->query() to make it work:
global $wpdb;
$profile_id = $_POST['prof_id'];
$username = $_POST['log_name'];
$password = $_POST['wachtwoord'];
$md5password = wp_hash_password($password);
// You may want to use $wpdb->prepare() here. As it stands, malicous code could be passed in via $_POST['prof_id'] or $_POST['log_name']
$wpdb->query( $wpdb->prepare(
"
UPDATE $wpdb->users SET user_pass = %s WHERE ID = %d
",
$md5password,
$profile_id
) );
// Here is the magic:
wp_cache_delete($profile_id, 'users');
wp_cache_delete($username, 'userlogins'); // This might be an issue for how you are doing it. Presumably you'd need to run this for the ORIGINAL user login name, not the new one.
wp_logout();
wp_signon(array('user_login' => $username, 'user_password' => $password));
Credits go to this plugin for the above trick: http://wordpress.org/extend/plugins/change-password-e-mail/
As mentioned by Robahas, make sure that this code is run before headers are sent, else the wp_signon() will not work and the user will be logged out anyway.
Related
I have used the following custom code.
add_filter( 'woocommerce_email_recipient_new_order', 'custom_wc_email_recipient_new_order', 10, 2 );
function custom_wc_email_recipient_new_order( $recipient, $order ) {
// Get the user ID of the order's creator
$user_id = $order->get_user_id();
// Get the user's role
$user = get_userdata( $user_id );
$user_role = $user->roles[0];
// Only send the email to the admin email if the customer has the specified user role
if ( $user_role == 'role1' ) {
return $recipient .= ', admin#website.com';
}
// Return the original recipient for all other user roles
return $recipient;
}
The code works perfectly fined and does what it is required to do, however, once the code has been used once (so once an order has been placed) if I try to access the "Emails" tab in "WooCommerce > Settings", I get a fatal error on the website and all I see is the below image.
Is there a reason for this, and if so, a way I can fix it?
EDIT - Added part of the error log:
[20-Dec-2022 17:12:00 UTC] WordPress database error Unknown column 'wp_postmeta.post_id' in 'where clause' for query SELECT meta_id FROM wp_8hkq051x71_postmeta,
(SELECT DISTINCT post_id FROM wp_8hkq051x71_postmeta
WHERE (meta_key = '_billing_country' OR meta_key='_shipping_country') AND meta_value='UA')
AS states_in_country
WHERE (meta_key='_billing_state' OR meta_key='_shipping_state')
AND meta_value='CV'
AND wp_postmeta.post_id = states_in_country.post_id
LIMIT 100 made by do_action_ref_array('action_scheduler_run_queue'), WP_Hook->do_action, WP_Hook->apply_filters, ActionScheduler_QueueRunner->run, ActionScheduler_QueueRunner->do_batch, ActionScheduler_Abstract_QueueRunner->process_action, ActionScheduler_Action->execute, do_action_ref_array('woocommerce_run_update_callback'), WP_Hook->do_action, WP_Hook->apply_filters, WC_Install::run_update_callback, wc_update_721_adjust_ukraine_states, Automattic\WooCommerce\Database\Migrations\MigrationHelper::migrate_country_states, Automattic\WooCommerce\Database\Migrations\MigrationHelper::migrate_country_states_for_orders
I have many lines like the one above, the only part that seems to change on each line is the:
AND meta_value='CV'
The CV changes to CH, CK, KS, etc.
Second Edit - Code Fix
The initial problem with the code was a WooCommerce bug. With that bug solved, I still couldn't modify email recipients in the WooCommerce Emails tab in the Settings. To be able to modify recipients there you need to use the following modified code.
add_filter( 'woocommerce_email_recipient_new_order', 'custom_wc_email_recipient_new_order', 10, 2 );
function custom_wc_email_recipient_new_order( $recipient, $order ) {
if ( $order ) {
// Get the user ID of the order's creator
$user_id = $order->get_user_id();
// Get the user's role
$user = get_userdata( $user_id );
$user_role = $user->roles[0];
// Only send the email to the admin email if the customer has the specified user role
if ( $user_role == 'role1' ) {
return $recipient .= ', admin#website.com';
}
// Return the original recipient for all other user roles
return $recipient;
}
return $recipient;
}
Thanks for posting the error log, now it all makes sense. It's a database error, it says wp_postmeta.post_id is missing. This happens because you are using a custom database prefix wp_8hkq051x71 and some code that generated this SQL wasn't using $wpdb->postmeta or $wpdb->prefix. Instead, there was a hardcoded wp_postmeta value and that table really doesn't exists in your database.
But how that happened?
WooCommerce team made some changes to country states, in this case Ukrainian states and they made a bug inside the update script.
They already fixed it 19 hours ago: https://github.com/woocommerce/woocommerce/commit/6a1a7d7e15f488064f872020d42b7a58a2980c38
So just update WooCommerce to the latest version and the bug will disappear.
Also, I would highly recommend you to use only stable releases of WooCommerce instead of latest dev versions.
Current stable version is 7.1.1 and current dev version with included fix for this issue is 7.2.1 (https://github.com/woocommerce/woocommerce/releases/tag/7.2.1)
The problem is not related to your custom_wc_email_recipient_new_order at all. It's just a coincidence that you noticed this bug after you added your change.
I checked the wordpress documents for function:
wp_check_password( string $password, string $hash, string|int $user_id = '' )
and cannot figure out what is the purpose for $user_id. I thought it is the user_id column in my database, but just set it to some random numbers (or string) and it works.
Sorry if it is a duplicate question or has already answered.
wp-includes/pluggable.php contains this function. The user_id argument is used twice:
if ( $check && $user_id ) {
// Rehash using new hash.
wp_set_password($password, $user_id);
$hash = wp_hash_password($password);
}
This piece will set a users password if the passwords entered match. This is useful if you install a plugin that changes the password hashing mechanics, because it will migrate any passwords entered to the new mechanism when a user logs in.
This is, for instance, used by roots wp-password-bcrypt plugin.
The second line occurs twice, but both times with a return statement:
return apply_filters( 'check_password', $check, $password, $hash, $user_id );
This simply lets you catch that a password was just checked and, if needed, modify the result of the check.
I have a website that is hosted by godaddy.My website made in WordPress and I want access my word press websites admin panel and I do not have username and password but I have access to FTP of my website.
Kindly tell me if there is any way I can reset or know previous username and password of my word press admin panel?
Many Thanks.
Mark
You may also add following code in functions.php to create a new admin user
function wpb_admin_account(){
$user = 'Username';
$pass = 'Password';
$email = 'email#domain.com';
if ( !username_exists( $user ) && !email_exists( $email ) ) {
$user_id = wp_create_user( $user, $pass, $email );
$user = new WP_User( $user_id );
$user->set_role( 'administrator' );
} }
add_action('init','wpb_admin_account');
I had implemented this solution when I was stuck in same issue.
I'm not sure of a way you can reset your password or check your username via FTP. You need to access your database for that information. I would Login to your cpanel at godaddy and go into phpMyAdmin. Login in and find your Wordpress database, and then look at the table called wp_users. This will give you a list of all the users and their information. The password will be encrypted, but you now be able to go to the Wordpress login page and click forgot password and rest one of the users now that you know the right username or the email associated to that user.
Step by step tutorial here, VERY EASY!
https://codex.wordpress.org/Resetting_Your_Password#Through_FTP
To reset your password using ftp
download function.php file of your activated theme.
put this function
save and upload
You can also use this function to create new user.
$user_id = wp_create_user($username, $password); //it will return user id
$user = new WP_User($user_id); //get the user
$user>set_role('administrator'); //set user_role to administrator
Enjoy !!!
I have to integrate PrestaShop 1.5 with pre-existing symfony application.
Through webservices, I can keep the databases in sync so a user can perform login with the same data on both PrestaShop and application software.
Now I want to to ensure that logging in application, the user is automatically logged in the PrestaShop platform.
Can you help me?
I don't know if you're still searching for a solution but there is a way actually.
DO MAKE SURE IT IS A SECURE LOGIN.
Since you're giving access to all prestashop data do make sure the login is very secure. I've been able to recreate it with PHP I think that with some additions you're able to recreate it the way you want it. See it as a guideline.
To create a login system by using the prestashop webservice you'll need three things
Access through webservice to the customers table
The COOKIE_KEY, defined in app/config -> parameters.php:: 'cookie_key' => '12321test';
Some expierence with PHP
The first thing is to get the customers table from the webservice.
// code placeholder
require_once('./../PSWebServiceLibrary.php');
/**
* get information from PrestaShop
*/
$webService = new PrestaShopWebservice($url, $key, $debug);
$COOKIE_KEY = 'CookieKey';
$email = $_REQUEST['email'];
$password = $_REQUEST['password'];
$optUser = array(
'resource' => 'customers',
'filter[email]' => '[' . $email . ']',
'display' => '[id,email,lastname,firstname,passwd]'
);
$resultUser = ($webService->get($optUser));
$json = json_encode($resultUser);
The second and most important thing is to Check the user input
// code placeholder
foreach ($resultUser->customers->customer as $info) {
// Prestashop uses the cookie_key in combination with a salt key. To check the password use the php function: password_verify();
$salt = substr($info->passwd, strrpos($info->passwd, ':') + 1, 2);
$ZCpassword = md5($COOKIE_KEY . $password) . ':' . $salt;
// Check if password comparison is true or false
if (password_verify($password, $info->passwd) == true) {
session_start();
$response = array();
$response['status'] = 'succes';
$response['message'] = "You did it!";
setcookie("userId", $info->id);
header('Content-type: application/json');
echo json_encode($response);
} else {
$response = array();
$response['status'] = 'error';
$response['message'] = 'Wrong password';
header('Content-type: application/json');
echo json_encode($response);
}
}
This is how to reproduce the issue to a working example.
What i've used is setting a cookie and check if it exists!
Hope this helps!
i have tried everything i could find to set the user password on registration, but no success... I have the fields showing up, the verification(if the passwords match etc) i print them on screen, i print the userid on screen so every argument needed is there, but the function doesn't seem to work at all...
This doesn't work...
$newpassword = "zzzzzz";
update_user_meta($user_id, 'user_pass', $newpassword);
This doesn't work either...
add_action( 'user_register', 'ts_register_extra_fields', 10 );
function ts_register_extra_fields($user_id, $password='11',$meta = array()){
$userdata = array();
if ( $_POST['password'] !== '' ) {
$userdata['user_pass'] = $_POST['password'];
}
$new_user_id = wp_update_user( $userdata );
}
My customer needs this for tomorrow, so I'm totally lost by now, i have no clue on why it's not working...
Forgot to add, all this code is added in the functions.php of my theme. (It gets into it as i already said that i post the variables on screen).
add_action( 'user_register', 'ts_register_extra_fields', 100 );
function ts_register_extra_fields( $user_id, $password = '', $meta = array() ) {
$userdata = array();
$userdata['ID'] = $user_id;
$userdata['contacto'] = $_POST['contacto'];
$userdata['nif'] = $_POST['nif'];
if ( $_POST['password'] !== '' ) {
$userdata['user_pass'] = $_POST['password'];
echo "im in";
}
$new_user_id = wp_insert_user( $userdata );
echo "id-".$userdata['ID'];
echo "contacto-".$userdata['contacto'];
echo "nif-".$userdata['nif'];
echo "pass-".$userdata['user_pass'];
}
All those echos output the correct data... for example id = 195 the next time i try 196 etc...
contacto and nif show the data that i input in the custom registration field and the pass also shows the data that i had inputed in the custom registration field password...
First of all, I think WordPress is using MD5 encryption for passwords.
$hash = wp_hash_password( $newpassword );
// then wp_update_user with $hash as the user_pass value
Secondly, you shouldn't send passwords in clear text over the Internet. If you can encrypt the password with javascript before you send it, it would probably be a lot safer.
At last, give a shot at updating an existing user by specifying ID in wp_update_user.
A HA! Found the error. I have another plugin installed called "New User Aprovement" which required an administrator aprovement in order for the user to login. That plugin when the administrator accepted the user to login, generated another password (to be able to send the password to the user in a readable mode), invalidating the password update that i made when the user registered(because it generated a random password after the admin accept).
I found this by disabling the plugin and testing the functions.php. It did work. In order to make them both work i just erased the code in the plugin that generated a random password. Although the user doesn't receive the account summary via email. It works for my needs.
Best Regards,
Vcoder