How to verify old password from db before updating new password in WordPress

2 Views

How can I verify the old password from the database before updating the new one in WordPress. The POST variable brings the following data from the update password pages form. 

Array
(
    [old_password] => oldpass
    [new_password] => newpass
    [confirm_password] => newpass
)

Is there any default function which will handle this password update matter. What is the encryption method wordpress follows to encrypt the password?

Read More

I am still new to wordpress and couldn’t find any solve after googling this requirement. Please direct me to a solve.

Post Views: 2

Related posts

Leave a Reply

2 comments

  1. I had the similar problem and I have solved it, Here is the solve you can follow, it works good and I have already used it for my own project. Please let me know if you stuck with it.

    if( $_POST['submitpassword'] )
{
    $passdata = $_POST;
    unset($_POST,$passdata['submitpassword']);

    $user = wp_get_current_user(); //trace($user);
    $x = wp_check_password( $passdata['old_password'], $user->user_pass, $user->data->ID );

    if($x)
    {
        if( !empty($passdata['new_password']) && !empty($passdata['confirm_password']))
        {
            if($passdata['new_password'] == $passdata['confirm_password'])
            {
                $udata['ID'] = $user->data->ID;
                $udata['user_pass'] = $passdata['new_password'];
                $uid = wp_update_user( $udata );
                if($uid) 
                {
                    $passupdatemsg = "The password has been updated successfully";
                    $passupdatetype = 'successed';
                    unset($passdata);
                } else {
                    $passupdatemsg = "Sorry! Failed to update your account details.";
                    $passupdatetype = 'errored';
                }
            }
            else
            {
                $passupdatemsg = "Confirm password doesn't match with new password";
                $passupdatetype = 'errored';
            }
        }
        else
        {
            $passupdatemsg = "Please enter new password and confirm password";
            $passupdatetype = 'errored';
        }
    } 
    else 
    {
        $passupdatemsg = "Old Password doesn't match the existing password";
        $passupdatetype = 'errored';
    }
}

  2. test and working code 

    global $current_user;
get_currentuserinfo();
$username = $current_user->user_nicename;

$username = $username;
$oldpass =  $_POST['cpassword'];
$user = get_user_by( 'login', $username );

if ( $user && wp_check_password( $oldpass, $user->data->user_pass, $user->ID) )
echo "That's it";
else
echo "Nope";