Make password invalid once logged out of password-protected page

In a WP-based site I have a custom form which I need to hide from the general public and give access to only a select few who would then get a password from me, enter it and access the form and submit it. On form submission, I redirect them to another page. I have employed this bit of code below in my functions.php, which logs them out of the password-protected page, once redirected:

    add_action( 'wp', 'post_pw_sess_expire' );

    function post_pw_sess_expire() {
        if ( isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) ) {
            // Setting a time of 0 in setcookie() forces the cookie to expire with the session
            setcookie( 'wp-postpass_' . COOKIEHASH, '', 0, COOKIEPATH );
        }
    }

Now the twist: once any of these select few are logged out of the password-protected page, I need the password to become invalid. Not necessarily, but sort of like a one-time password. A solution would be great, or please give me some pointers or alternatives if it’s not possible.

2 comments

  1. After submitting the form and before redirecting to the new page, reset the current user’s password.

    A simple wp_update_user(array('ID' => $userid, 'user_pass' => 'YourNewPaSSword')); will do everything for you.

  2. I did this small test and it works, but I have no idea if it’s technically correct:

    add_action( 'wp', 'post_pw_sess_expire' );
    
    function post_pw_sess_expire() 
    {
        if ( isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
        {
            // Setting a time of 0 in setcookie() forces the cookie to expire with the session
            setcookie('wp-postpass_' . COOKIEHASH, '', 0, COOKIEPATH);
            add_action( 'wp_footer', 'change_pw_wpse_119986' );
        }
    }
    
    function change_pw_wpse_119986()
    {
        global $post;
        if( $post->post_password == md5('something') )
            return;
        $post->post_password = md5('something');
        wp_update_post( $post );
        remove_action( 'wp_footer', 'change_pw_wpse_119986' );
    }
    

    But there’s a bigger problem: we have one password per page, not one password per person. Once the first one enters the pass, the next ones won’t be able to use it. You’ll need to build your own solution setting different passwords and unsetting each one as soon as the person uses it.
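
The per-person approach suggested in the last answer, as an added example that is not part of the original thread: each person gets their own random code, only its hash is stored, and a code is burned the first time it is presented. The function names and the `$store` array are assumptions; on a WordPress site the array would be persisted, for example with get_option()/update_option().

```php
<?php
// Added example: single-use, per-person access codes (not code from the thread).
// $store maps sha256(code) => expiry timestamp. Persisting it (for example in a
// WordPress option) is left to the caller and is an assumption of this sketch.

/** Issue a new code for one person; only its hash is kept in the store. */
function otp_issue(array &$store, int $ttl = 86400, ?int $now = null): string
{
    $now  = $now ?? time();
    $code = bin2hex(random_bytes(16));            // 128-bit random code
    $store[hash('sha256', $code)] = $now + $ttl;  // plaintext is never stored
    return $code;                                 // hand this to the person once
}

/** Redeem a code: succeeds at most once, and only before it expires. */
function otp_redeem(array &$store, string $code, ?int $now = null): bool
{
    $now  = $now ?? time();
    $hash = hash('sha256', $code);
    if (!isset($store[$hash])) {
        return false;                             // unknown or already used
    }
    $expiry = $store[$hash];
    unset($store[$hash]);                         // burn it, valid or expired
    return $now <= $expiry;
}

// Constructed demo: two people, two independent codes, fixed clock values.
$store = [];
$alice = otp_issue($store, 3600, 1000);
$bob   = otp_issue($store, 3600, 1000);

var_dump(otp_redeem($store, $alice, 1500));   // first use of Alice's code
var_dump(otp_redeem($store, $alice, 1600));   // same code presented again
var_dump(otp_redeem($store, 'guess', 1600));  // a code that was never issued
var_dump(otp_redeem($store, $bob, 9999));     // Bob's code after its expiry
var_dump(count($store));                      // codes still outstanding
```

A load-check-save cycle on a shared option is not atomic, so two simultaneous submissions of the same code could both pass; where that matters, keep one database row per code and treat the redemption as successful only if the delete actually removed a row.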
