Hi @karlosuccess
In order to add custom validation rules to the forms, you need to have coding knowledge so that you can make use of the plugin’s built-in hooks and filters.
You can see here that the plugin has a filter that allows you to add custom validation rules: https://github.com/WPUserManager/wp-user-manager/blob/master/includes/wpum-forms/class-wpum-form-registration.php#L64 I’m using that filter to add the password validation. That line then calls this function https://github.com/WPUserManager/wp-user-manager/blob/master/includes/wpum-forms/class-wpum-form-registration.php#L107
That’s how the plugin is validating passwords. In order to add your own method you’d need to disable the built-in filter first with https://codex.ww.wp.xz.cn/Function_Reference/remove_filter and then add your own.
An easy example on how to add validation rules in your own plugins, can be found within the “username length” addon that I’ve built. See here https://github.com/WPUserManager/wpum-username-length/blob/master/includes/actions.php
Hope this helps.
In my functions.php file:
I am removing the filter with
remove_filter( 'submit_wpum_form_validate_fields', array( 'WPUM_Form_Registration', 'validate_password' ), 10 );
But it is STILL validating the βbe at least 8 characters long and contain at least 1 number, 1 uppercase letter and 1 special character.β
Can you please advise what can be wrong?
#####
Then after that, I will add a new filter with
add_filter( 'submit_wpum_form_validate_fields', [ 'WPUM_Form_Registration', 'my_custom_validate_password' ], 10, 4 );
Is that correct???
Please help!
Thanks
I consider the current sanitizing of the password field on version 2.0.3 and 2.0.4 Change Password screen to be an error since anything is allowed in a password, so I adjusted the get_posted_field function before the return in \includes\abstracts\abstract-wpum-form.php, with the following code to get it to leave the password field alone because, by default, it was removing all occurrences of % followed by two digits in the password field. This likely would not help anything but the Change Password page because of the different field names.
//before the return to avoid allowing a modified password
if (substr($key,0,8)===’password’){return isset( $_POST[ $key ] ) ? $_POST[ $key ] : ”;}
This clearly is not the correct adjustment to make nor the correct way to do it, but I will wait for an update.
Regardless of this issue, thanks for a great plugin.
Hey @marketsupchuck
Thanks for reporting this, I’ll have a look into it for the next update.
@alessandrotesoro is my code correct? I need deactivate this new password difficulty function and add a different one. Thanks
Hi @karlosuccess
Sorry I forgot to reply to your previous message yesterday.
Because many other people have asked me about disabling the feature, I’ll add an option into the next update that’ll be released next week to disable the built-in strong passwords so then you can then add your custom built-on methods.
Great! Thank you! looking forward this update!! π
@alessandrotesoro Any update on this topic please?
User registration password STILL set to βbe at least 8 characters long and contain at least 1 number, 1 uppercase letter and 1 special character.β
Thank you!
Hi @karlosuccess
There’s a new option now in v2.0.5. Go to Users -> settings -> profiles and you’ll see a setting to disable the built-in strong passwords. You can then add your own validation method.
