强制用户在首次登录网站时使用快捷码更改其密码

时间:2018-12-14 作者:user2898349

我正在开发WP 4.9.8,并寻找一个脚本,强制用户在第一次查看网站时更改密码。这是一个企业网站,用户通过导入带有虚假电子邮件的csv文件添加。无法更改电子邮件。

更改密码的表单必须位于页面中,不能是profile.php

我找到了Simon Blackbourn的密码(https://github.com/lumpysimon/wp-force-password-change) 但是:

表单位于页面模型中,我希望在Elementor创建的页面中显示一个短代码。我不知道如何创建这个短代码。表单在第一次连接时显示得很好,但提交后什么也没有发生我在WP网站上找到了一个插件,但它打开了配置文件。php页面(强制更改密码)。

我从pippinsplugins页面找到了代码(https://pippinsplugins.com/change-password-form-short-code/) wich显示带有短代码的表单。

但我不知道如何处理它们来满足我的需要。非常感谢,如果我不太容易理解,请原谅,我是法国人;-)

我想我会发疯的:-(什么都不起作用。登录页面是一个带有显示表单的快捷码的自定义页面。1.强制密码更改重定向插件不起作用。只有当Peter的重定向被激活并带有更改密码的页面链接时,才可以。我尝试了不同的方法。如果我不再出错,那就不好了。用户已登录,但未重定向到更改密码页面,它始终是输入要登录的表单。我所做的最后一个测试是在wp\\u get\\u current\\u user()之后添加行,从而有效地更改密码插件:

function force_password_change_redirect() {

    global $current_user;

    if ( is_admin() ) {
        $screen = get_current_screen();
        if ( \'profile\' == $screen->base )
            return;
        if ( \'plugins\' == $screen->base )
            return;
    }

    if ( !is_user_logged_in() )
        return;

    wp_get_current_user();
if( isset($user->ID) ) {
     $changed_password = get_user_meta( $current_user->ID, \'force-password-change\', true ) ;
  if( $changed_password == true ) {
        return get_site_url(\'/changement-mdp/\');
        } else {
         return $redirect_to;
       }
        }
}
我在pippin代码中添加了一行代码,以删除更改后的usermeta强制密码更改,但它不起作用。没有错误,但我总是在数据库中看到这个meta\\u键及其值

if(empty($errors)){//在此处更改密码$user\\u data=数组(\'ID\'=>$user\\u ID,\'user\\u pass\'=>$\\u POST[\'pippin\\u user\\u pass\']);wp\\u update\\u user($user\\u data);delete\\u user\\u meta($user\\u ID,\'强制密码更改\',1);//在此处发送密码更改电子邮件(如果wp没有)wp\\u重定向(add\\u query\\u arg(\'password-reset\',\'true\',$\\u POST[\'pippin\\u redirect\']);退出;}

成功更改密码后的重定向不起作用。密码已更改,但我返回页面更改密码。

我安装了Peter的重定向,以根据他的角色重定向用户。如何在他更改密码后而不是之前重定向他?

谢谢你的帮助,我完全迷路了!

编辑12月19日

我一直在寻找解决方案。我试图通过添加来自pippinplugins的代码来修改强制更改密码插件。但是肯定有很多错误,因为我在前端和管理上有一个白色页面。你能帮我找出错误吗?

非常感谢

<?php
/*
Plugin Name:  Force Password Change
Description:  Require users to change their password on first login.
Version:      0.6
License:      GPL v2 or later
Plugin URI:   https://github.com/lumpysimon/wp-force-password-change
Author:       Simon Blackbourn
Author URI:   https://twitter.com/lumpysimon
Author Email: simon@lumpylemon.co.uk
Text Domain:  force-password-change
Domain Path:  /languages/



About this plugin
-----------------

This plugin redirects newly-registered users to the Admin -> Edit Profile page when they first log in.
Until they have changed their password, they will not be able to access either the front-end or other admin pages.
An admin notice is also displayed informing them that they must change their password.

New administrators must also change their password, but as a safety measure they can also access the Admin -> Plugins page.

Please report any bugs on the WordPress support forum at http://wordpress.org/support/plugin/force-password-change or via GitHub at https://github.com/lumpysimon/wp-force-password-change/issues

Development takes place at https://github.com/lumpysimon/wp-force-password-change (all pull requests will be considered)



About me
--------

I\'m Simon Blackbourn, co-founder of Lumpy Lemon, a small & friendly UK-based
WordPress design & development company specialising in custom-built WordPress CMS sites.
I work mainly, but not exclusively, with not-for-profit organisations.

Find me on Twitter, Skype & GitHub: lumpysimon



License
-------

Copyright (c) Lumpy Lemon Ltd. All rights reserved.

Released under the GPL license:
http://www.opensource.org/licenses/gpl-license.php

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.



*/



$force_password_change = new force_password_change;



class force_password_change {



// just a bunch of functions called from various hooks
function __construct() {

    add_action( \'init\',                    array( $this, \'init\' ) );
    add_action( \'user_register\',           array( $this, \'registered\' ) );
    add_action( \'personal_options_update\', array( $this, \'updated\' ) );
    add_action( \'template_redirect\',       array( $this, \'redirect\' ) );
    add_action( \'current_screen\',          array( $this, \'redirect\' ) );
    add_action( \'admin_notices\',           array( $this, \'notice\' ) );

}



// load localisation files
function init() {

    load_plugin_textdomain(
        \'force-password-change\',
        false,
        dirname( plugin_basename( __FILE__ ) ) . \'/languages\'
        );

}



// on ajoute un champ meta dans la table users_meta avec la valeur 1 lors de l\'enregistrement
function registered( $user_id ) {

    add_user_meta( $user_id, \'force-password-change\', 1 );

}
    // on efface cette valeur quand le mot de passe a été changé
function updated( $user_id ) {

    if($_POST[\'pippin_user_pass\'] == $_POST[\'pippin_user_pass_confirm\']) {

    delete_user_meta( $user_id, \'force-password-change\' );
    }
}

/*shortcode pour modifier le mdp*/
function pippin_change_password_form() {
global $post;

if (is_singular()) :
    $current_url = get_permalink($post->ID);
else :
    $pageURL = \'http\';
    if ($_SERVER["HTTPS"] == "on") $pageURL .= "s";
    $pageURL .= "://";
    if ($_SERVER["SERVER_PORT"] != "80") $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
    else $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
    $current_url = $pageURL;
endif;
if(empty($errors)){
$redirect = home_url();}
else {
$redirect = $current_url;}

ob_start();

    // afficher les éventuelles erreurs lors de la saisie du nouveau mot de passe
    pippin_show_error_messages(); ?>

    <?php if(isset($_GET[\'password-reset\']) && $_GET[\'password-reset\'] == \'true\') { ?>
        <div class="pippin_message success">
            <span><?php _e(\'Password changed successfully\', \'rcp\'); ?></span>
        </div>
    <?php } ?>
    <form id="pippin_password_form" method="POST" action="<?php echo esc_url($url); ?>">
        <fieldset>
            <p>
                <label for="pippin_user_pass"><?php _e(\'New Password\', \'rcp\'); ?></label>
                <input name="pippin_user_pass" id="pippin_user_pass" class="required" type="password"/>
            </p>
            <p>
                <label for="pippin_user_pass_confirm"><?php _e(\'Password Confirm\', \'rcp\'); ?></label>
                <input name="pippin_user_pass_confirm" id="pippin_user_pass_confirm" class="required" type="password"/>
            </p>
            <p>
                <input type="hidden" name="pippin_action" value="reset-password"/>
                <input type="hidden" name="pippin_redirect" value="<?php echo $redirect; ?>"/>
                <input type="hidden" name="pippin_password_nonce" value="<?php echo wp_create_nonce(\'rcp-password-nonce\'); ?>"/>
                <input id="pippin_password_submit" type="submit" value="<?php _e(\'Change Password\', \'pippin\'); ?>"/>
            </p>
        </fieldset>
    </form>
<?php
return ob_get_clean();
}

// le formulaire de modification de mot de passe
function pippin_reset_password_form() {
if(is_user_logged_in()) {
    return pippin_change_password_form();
}
}
add_shortcode(\'password_form\', \'pippin_reset_password_form\');


// si:
// - on est loggé,
// - le champ meta est présent pour cet utilisateur,
// - on est sur le front-end ou n\'importe quel écran sauf la page d\'édition de profil ou plugins,
// alors on redirige vers la page de changement de mot de passe (modif code Force Password Change)
function force_password_change_redirect() {

    global $current_user;

    if ( is_admin() ) {
        $screen = get_current_screen();
        if ( \'profile\' == $screen->base )
            return;
        if ( \'plugins\' == $screen->base )
            return;
    }

    if ( !is_user_logged_in() )
        return;

    wp_get_current_user();

     $changed_password = get_user_meta( $current_user->ID, \'force-password-change\', true ) ;
  if( $changed_password == true ) {
        return get_site_url(\'/changement-mdp/\');
        } else {
         return $redirect_to;
       }

}

function pippin_reset_password() {
// reset a users password
if(isset($_POST[\'pippin_action\']) && $_POST[\'pippin_action\'] == \'reset-password\') {

    global $user_ID;

    if(!is_user_logged_in())
        return;

    if(wp_verify_nonce($_POST[\'pippin_password_nonce\'], \'rcp-password-nonce\')) {

        if($_POST[\'pippin_user_pass\'] == \'\' || $_POST[\'pippin_user_pass_confirm\'] == \'\') {
            // password(s) field empty
            pippin_errors()->add(\'password_empty\', __(\'Please enter a password, and confirm it\', \'pippin\'));
        }
        if($_POST[\'pippin_user_pass\'] != $_POST[\'pippin_user_pass_confirm\']) {
            // passwords do not match
            pippin_errors()->add(\'password_mismatch\', __(\'Passwords do not match\', \'pippin\'));
        }

        // retrieve all error messages, if any
        $errors = pippin_errors()->get_error_messages();

        if(empty($errors)) {
            // change the password here
            $user_data = array(
                \'ID\' => $user_ID,
                \'user_pass\' => $_POST[\'pippin_user_pass\']
            );
    delete_user_meta( $user_id, \'force-password-change\',1 );
            wp_update_user($user_data);

            // send password change email here (if WP doesn\'t)
            wp_redirect(add_query_arg(\'password-reset\', \'true\', $_POST[\'pippin_redirect\']));
            exit;
        }
    }
}
}
add_action(\'init\', \'pippin_reset_password\');

if(!function_exists(\'pippin_show_error_messages\')) {
// displays error messages from form submissions
function pippin_show_error_messages() {
    if($codes = pippin_errors()->get_error_codes()) {
        echo \'<div class="pippin_message error">\';
            // Loop error codes and display errors
           foreach($codes as $code){
                $message = pippin_errors()->get_error_message($code);
                echo \'<span class="pippin_error"><strong>\' . __(\'Error\', \'rcp\') . \'</strong>: \' . $message . \'</span><br/>\';
            }
        echo \'</div>\';
    }
}
}

if(!function_exists(\'pippin_errors\')) {
// used for tracking error messages
function pippin_errors(){
    static $wp_error; // Will hold global variable safely
    return isset($wp_error) ? $wp_error : ($wp_error = new WP_Error(null, null, null));
}
}
// if the user meta field is present, display an admin notice
function notice() {

    global $current_user;

    wp_get_current_user();

    if ( get_user_meta( $current_user->ID, \'force-password-change\', true ) ) {
        printf(
            \'<div class="error"><p>%s</p></div>\',
            __( \'Please change your password in order to continue using this website\', \'force-password-change\' )
            );
    }

}



} // class
谢谢你的帮助!

1 个回复
SO网友:anmari

您已经拥有了几乎所有您需要的东西(假设您列出的以上插件都可以工作)。您只需将它们链接起来:

激活pippins更改密码插件(&L);创建一个页面,其中包含该页面的短代码。测试该页面是否允许登录用户更改其密码。请注意页面的URL,不要更改它如果这两个插件和它听起来都像您描述的那样,那么应该这样做。

测试用户一旦被迫更改密码,当他们注销并再次登录时,他们不会再次被迫更改密码,这始终是一个好主意

标签: users   password   小码农  

相关推荐

如何在执行了钩子“preGet_USERS”之后获得所有的用户列表?

我在管理用户仪表板中有一个名为“用户类型”的自定义过滤器,我已经解决了在用户管理仪表板中显示它们的问题。但我不知道如何调用它们并将其保存在数组中,以便获取user\\u id并执行另一个操作。我的另一个操作是获取某个用户的所有元键,并将它们导出到excel文件中。但在我可以这样做之前,我应该有一个选项来过滤它们或只是导出所有用户,我已经执行了这项操作。function add_course_section_filter() { if ( isset( $_GET[ \'user_type\