Question 165384 in Wordpress Question posted in
The official Wordpress documentation can be found here.

What’s the min password size for WordPress profile mods?

I have been trying for a few hours to get a minimum password size control system to work. It works for registration, but for profile modification I can’t get it to work. I have a function update_user that ends as follows:

// The password is updated only if a new one has been filled in
    if (isset($_POST['user_pass']) && !empty($_POST['user_pass'])) {
      $userdata['user_pass'] = trim($_POST['user_pass']);
    }

// We check that the password contains 8 characters 
    if ( strlen($_POST['user_pass']) < 8 ) {
      $errors = 'Your password must be at least 8 characters long and have at least one capital letter and one number in it.';
    }
      
// Update user
    wp_update_user($userdata);

// Redirect
    wp_redirect(site_url('/profile'));
    exit();
  }
}

I also tried going through a function alone but that didn’t work either.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Indeed it misses a condition to update the user after the password check. I tried your link, it does not work on my theme. In my profile.php file I have this code there that calls the error:

     <?php if ($error) : ?>
    <div class="alert alert-danger align-items-center" role="alert">
      <i class="fas fa-exclamation"></i>&nbsp;<?php echo $error; ?><button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
    </div>
 <?php endif ?>

    I did not succeed with my else as follows:

    if ( strlen($_POST['user_pass']) < 8 ) {
$error = 'Your password must be at least 8 characters long and have at least one capital letter and one number in it.';
} else {
    $user = wp_update_user(array(
    'user_pass'  => $d['user_pass'],
  ));
    if (is_wp_error($user)) {
    $error = $user->get_error_message();
 }
}

  2. 0

    I’m not particularly familiar with WordPress but the flow of your script doesn’t look right to me so maybe I can help fill in the blanks.

    Your issue is here:

    if ( strlen($_POST['user_pass']) < 8 ) {
    $errors = 'Your password must be at least 8 characters long and have at least one capital letter and one number in it.';
}

    If the password is too short, the only thing you do is set a variable. Then the script continues as normal.

    You need to somehow return the error back to the profile page and render it because as it currently stands, it will always keep updating the user’s data without preventing execution.

    Reading Material

    Enforcing password complexity

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search