Im trying to use $_POST method after password reset submit action here is the code

add_action( 'after_password_reset', 'action_function', 10, 2 );
function action_function( $user, $new_pass ){
    if (isset( $_POST['password_1'] ) ) {
        update_user_meta($user->ID, 'user_pass2', password_hash($_POST['password_1'], PASSWORD_DEFAULT));
    }
}

however it doest get fired

any tip?

also the reason I need the password is using for another app credentials for example the following code shows how I use $_POST during profile_update

function my_profile_update( $user_id ) {
    // password changed...
    if ( ! is_admin() && isset( $_POST['password_1'] ) ) {
        update_user_meta($user_id, 'user_pass2', password_hash($_POST['password_1'], PASSWORD_DEFAULT));
        global $wpdb;
        global $current_user;
        $script_db = new wpdb('db', 'pass', 'user', 'localhost');
        get_currentuserinfo();
        $email = (string) $current_user->user_email;
        $password = (string)  get_user_meta( $current_user->ID, 'user_pass2', true );;
        $query   = $script_db->prepare( "SELECT * FROM {$script_db->prefix}np_users WHERE email = %s", $email );
        $results = $script_db->get_results($query);
        if(count( $results ) > 0) {
            $id = $results[0]->id;
            $script_db->update('np_users', array(
            'password' => $password
            ),array('id'=>$id));
        }
    }

}
add_action( 'profile_update', 'my_profile_update' );

Im trying to use $_POST method after password reset submit action here is the code

add_action( 'after_password_reset', 'action_function', 10, 2 );
function action_function( $user, $new_pass ){
    if (isset( $_POST['password_1'] ) ) {
        update_user_meta($user->ID, 'user_pass2', password_hash($_POST['password_1'], PASSWORD_DEFAULT));
    }
}

however it doest get fired

any tip?

also the reason I need the password is using for another app credentials for example the following code shows how I use $_POST during profile_update

function my_profile_update( $user_id ) {
    // password changed...
    if ( ! is_admin() && isset( $_POST['password_1'] ) ) {
        update_user_meta($user_id, 'user_pass2', password_hash($_POST['password_1'], PASSWORD_DEFAULT));
        global $wpdb;
        global $current_user;
        $script_db = new wpdb('db', 'pass', 'user', 'localhost');
        get_currentuserinfo();
        $email = (string) $current_user->user_email;
        $password = (string)  get_user_meta( $current_user->ID, 'user_pass2', true );;
        $query   = $script_db->prepare( "SELECT * FROM {$script_db->prefix}np_users WHERE email = %s", $email );
        $results = $script_db->get_results($query);
        if(count( $results ) > 0) {
            $id = $results[0]->id;
            $script_db->update('np_users', array(
            'password' => $password
            ),array('id'=>$id));
        }
    }

}
add_action( 'profile_update', 'my_profile_update' );

• woocommerce-offtopic
• hooks
• actions
• password

Share Improve this question edited Mar 31, 2019 at 19:20 zEn feeLo asked Mar 31, 2019 at 17:38 zEn feeLozEn feeLo 20733 silver badges1818 bronze badges 2

• I dont want to store the raw format, I have another app installed on subdomain which use different format of hashing the password , I should store the credentials to use it for registration the user in db (writing after purchasing some packages) so I dont want to do anything stupid regarding to passwords – zEn feeLo Commented Mar 31, 2019 at 18:57
• I updated the question please check – zEn feeLo Commented Mar 31, 2019 at 19:01

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

You shouldn't use these hooks for that. If you wan't to use the same password for some other app, then it's crucial, that the password will always be the same.

So the best way will be to make sure it will be always true. How? By taking care of that.

WordPress uses wp_set_password function every time the password is changed. There are no hooks inside of it (https://core.trac.wordpress/browser/tags/5.1.1/src/wp-includes/pluggable.php#L0), but it's pluggable - so you can write your own version of it. So do it:

function wp_set_password( $password, $user_id ) {
    // Keep original WP code
    global $wpdb;

    $hash = wp_hash_password( $password );
    $wpdb->update(
        $wpdb->users,
        array(
            'user_pass'           => $hash,
            'user_activation_key' => '',
        ),
        array( 'ID' => $user_id )
    );

    wp_cache_delete( $user_id, 'users' );

    // and now add your own
    $script_db = new wpdb('db', 'pass', 'user', 'localhost');

    $custom_hash = password_hash( $password, PASSWORD_DEFAULT );
    $userdata = get_userdata( $user_id );

    $script_db->update(
        'np_users',
        array( 'password' => $custom_hash ),
        array( 'email' => $userdata->user_email )
    );
}

This way the password will always be synchronized. (For example your code would break the passwords if admin changed the password for user).

You also don't have to store second hash as user meta. And it performs less queries - you don't have to select user by email and then update the password using his ID - you can just run the update.

All you need to do is to put that function in your plugin.