WordPress – Custom Change Password page

I’m trying to create custom page for Change Password under Profile. When I store/update the new user password(already change to hash value), it will logout automatically. The new password can be use to login again. Is there any way to update user password without logout afterward? I would like to avoid using plugin…Below are my code:-

<form method='post' action='changepassword'>
<div class='mypageMyDetailsBox'>
<span class='titleSub'>Password</span>
<table width='90%' align="center">
<tr>
<td width='40%'>Current Password</td>
<td width='60%'><input type='text' name='currentpassword' size='70'></td>
</tr>
<tr>
<td>New Password</td>
<td><input type='text' name='newpassword' size='70'></td>
</tr>
<tr>
<td>Confirm New Password</td>
<td><input type='text' name='confirmpassword' size='70'></td>
</tr>
</table>
</div>

</div>
<div align='center'>
<input type='submit' name='submit_update' value='Update' class='subUpt'>
</div>
</form>
<?php 
if (isset($_POST['submit_update'])) {

$currentpassword = $_POST['currentpassword'];
$newpassword = $_POST['newpassword'];

require_once ABSPATH . 'wp-includes/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );

$user_info = get_userdata($currentUserID); 
$user_pass = $user_info->user_pass;

if($wp_hasher->CheckPassword($currentpassword, $user_pass)) {
    $passhash = wp_hash_password($newpassword);
    $upd = $wpdb->query("UPDATE wp_users SET user_pass = '".$passhash."' WHERE ID = ".$currentUserID." LIMIT 1");
    if ($upd) {        
        //Success
    }
} else {
    //Password not match 
}
}
?>

Thank you in advance.

Related posts

Leave a Reply

3 comments

  1. You should try using wp_set_password, instead of directly using WP_Query. While I haven’t tested it specifically, it should update the password and not require you to logout and log back in.

    EDIT: The problem is the cookie becomes invalid. You’ll need to set/reset cookies using wp_set_auth_cookie. Try adding this:

    if(!is_wp_error($update))
    {
        wp_cache_delete($user_ID,'users');
        wp_cache_delete($user->user_login,'userlogins');
        wp_logout();
        if (wp_signon(array('user_login'=>$user->user_login,'user_password'=>$_POST['admin_pass1']),false)):
            wp_redirect(admin_url());
        endif;
        ob_start();
    }else{
        wp_set_auth_cookie( $current_user_id, true);
    }
    
  2. This wasn’t working for me so I’m posting this for future reference:

    wp_set_password($_POST['new_password'], $user_id);
    $current_user = wp_signon(array('user_login' => $user_login, 'user_password' => $_POST['new_password']));
    
  3. A full change password custom page working on wordpress 5.5.1

    This control:

    • validates user input
    • provides basic messages about user input
    • changes the password
    • does not logout after changing the password
    <?php 
    
    global $wp;
    $current_slug = add_query_arg( array(), $wp->request );
    $full_path=add_query_arg( $wp->query_vars, home_url( $wp->request ) );
    
    
    if (isset($_POST['submit_update'])) {
    
    $currentpassword = $_POST['currentpassword'];
    $newpassword = $_POST['newpassword'];
    $confirmpassword = $_POST['confirmpassword'];
    $empty_new_pw = empty($newpassword) || empty($confirmpassword);
    
    require_once ABSPATH . 'wp-includes/class-phpass.php';
    $wp_hasher = new PasswordHash( 8, true );
    
    $user = wp_get_current_user();
    
    $password_changed_ok = false;
    $invalid_password = false;
    $passwords_dont_match = ($newpassword != $confirmpassword);
    
    //$newpasswordhash = wp_hash_password($currentpassword);
    
    if ($passwords_dont_match || $empty_new_pw) {
      // empty on purpose
    } else if ( wp_check_password( $currentpassword, $user->user_pass, $user->ID ) ) {
      wp_set_password($newpassword, $user->ID);
    
      $userid=$user->ID;
    
    //  $user = wp_signon(array('user_login' => $user->user_login, 'user_password' => $newpassword));
    
      $userdata['ID'] = $userid; //user ID
      $userdata['user_pass'] = $newpassword;
      wp_update_user( $userdata );
    
      $password_changed_ok = true;
    } else {
      $invalid_password = true;
    }
    
    }
    ?>
    
    
    
    <form method='post' action='/<?php print("$full_path"); ?>'>
    <div class='mypageMyDetailsBox'>
    
    <?php if ($password_changed_ok): ?>
    <span class='titleSub'>Hasło zmienione poprawnie!</span>
    <?php else: ?>
    <span class='titleSub'>Zmień hasło</span>
    <?php endif ?>
    <br/>
    <table width='90%' align="center">
    <tr>
    <td width='40%'>Aktualne hasło</td>
    <td width='60%'><input type='password' name='currentpassword' size='70'>
    <?php if ($invalid_password): ?>
    Niepoprawne hasło
    <?php endif ?>
    </td>
    </tr>
    <tr>
    <td>New Password</td>
    <td><input type='password' name='newpassword' size='70'>
    <?php if ($empty_new_pw): ?>
    Wpisz nowe hasło
    <?php endif ?>
    </td>
    </tr>
    <tr>
    <td>Confirm New Password</td>
    <td><input type='password' name='confirmpassword' size='70'>
    <?php if ($passwords_dont_match): ?>
    Hasła się nie zgadzają
    <?php endif ?>
    <?php if ($empty_new_pw): ?>
    Wpisz nowe hasło powtórnie
    <?php endif ?>
    </td>
    </tr>
    </table>
    </div>
    
    </div>
    <div align='center'>
    <input type='submit' name='submit_update' value='Update' class='subUpt'>
    </div>
    </form>