<?php | |
// This code snippet forces a newly created user to change his password on first login
// To identify whether a user has changed his password, we add a user meta key named password-changed when the user changes his password
// A newly created user does not have this meta key - so we know he has not changed his password yet
// To force a user to change his password again, we only have to delete the meta key
// Register check_password_changed() on current_screen, an admin hook that is triggered
// after the elements needed to identify a screen are set up.
// NOTE(review): because this hook belongs to the admin area, requests that never load an
// admin screen (for example REST or XML-RPC, if enabled) are presumably not gated by this
// snippet - confirm whether that matters for the deployment.
add_action( 'current_screen', 'check_password_changed' );
/**
 * Keep the logged-in user on the profile screen until the 'password-changed'
 * user meta equals 'YES'.
 *
 * Any other admin screen is answered with a redirect to profile.php, and the
 * request is ended right after the redirect header is sent so the originally
 * requested screen is never rendered.
 *
 * @param WP_Screen $current_screen Screen object handed over by the current_screen hook.
 */
function check_password_changed( $current_screen ) {
	$password_flag = get_user_meta( get_current_user_id(), 'password-changed', true );

	// The flag is compared strictly: only the exact string 'YES' lifts the gate.
	if ( 'YES' === $password_flag ) {
		return;
	}

	// The profile screen is where the password gets changed; redirecting from
	// it to itself would cause an endless loop.
	if ( 'profile' === $current_screen->base ) {
		return;
	}

	wp_redirect( admin_url( 'profile.php' ) );
	exit;
}
// Register notice_password_change() on admin_notices to inform the user that he has to change his password
add_action( 'admin_notices', 'notice_password_change' );
/**
 * Print an error notice while the logged-in user has not changed his password yet.
 *
 * Nothing is printed once the 'password-changed' user meta equals 'YES'.
 * The screen is not checked here: the author relies on the redirect in the
 * current_screen callback leaving only the profile screen reachable.
 */
function notice_password_change() {
	$password_flag = get_user_meta( get_current_user_id(), 'password-changed', true );

	if ( 'YES' === $password_flag ) {
		return;
	}

	// Static markup only - no user-supplied data is placed in the notice.
	echo '<div class="error"><p><strong>You must change your password to get access to the admin area!</strong></p></div>';
}
// Register update_password() on personal_options_update so the meta data is added when a user changes his password
// NOTE(review): personal_options_update appears to fire only when a user saves his own
// profile; a password set by an administrator on another user's profile would then leave
// the flag untouched - confirm that this is the intended behaviour.
add_action( 'personal_options_update', 'update_password' );
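/**
 * Mark the user as having changed his password when the profile form is saved
 * with two matching, non-empty password fields.
 *
 * Writes the user meta 'password-changed' = 'YES' via update_user_meta(), which
 * works whether or not the key already exists.
 *
 * NOTE(review): this callback only inspects the submitted form fields. It does
 * not verify that WordPress accepted and stored the new password, nor that the
 * new password differs from the old one. If the hook runs before core validates
 * the profile (confirm for the target WordPress version), the flag can be set
 * by a save that is later rejected. Setting the flag from a post-save hook such
 * as profile_update, after comparing the stored password hash with the previous
 * one, would be the stricter design.
 *
 * @param int $user_id ID of the user whose profile is being saved.
 */
function update_password( $user_id ) {
	$pass1 = isset( $_POST['pass1'] ) ? $_POST['pass1'] : null;
	$pass2 = isset( $_POST['pass2'] ) ? $_POST['pass2'] : null;

	// Request fields can arrive as arrays; only plain strings are valid
	// password values, so anything else must not be able to set the flag.
	if ( ! is_string( $pass1 ) || ! is_string( $pass2 ) ) {
		return;
	}

	// Both fields have to be filled in. The previous condition tested pass1
	// twice and never checked that pass2 was non-empty.
	if ( empty( $pass1 ) || empty( $pass2 ) ) {
		return;
	}

	// Strict comparison: with == PHP compares two numeric-looking strings as
	// numbers, so different inputs could be treated as a match.
	if ( $pass1 !== $pass2 ) {
		return;
	}

	update_user_meta( $user_id, 'password-changed', 'YES' );
}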
?> |