

Timestamp:
07/04/2020 01:29:50 PM (4 years ago)
Author:
imath
Message:

BP Members: improve our password validation process

We're introducing a new function to validate the member's chosen password: bp_members_validate_user_password().

This function is primarily used to check that the password is not empty and that the password confirmation matches the password. If that is the case, the function returns a WP_Error object with no error message. Otherwise this object will contain an error message.

Plugins can now use the bp_members_validate_user_password filter to add their own error messages according to a custom validation process. See the last unit tests of this commit for an example of use.

Props devnik, tharsheblows

Fixes #8066

File:
1 edited

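--- a/trunk/src/bp-members/screens/register.php
+++ b/trunk/src/bp-members/screens/register.php
@@ -60,17 +60,29 @@
 
         // If there are errors with account details, set them for display.
-        if ( !empty( $account_details['errors']->errors['user_name'] ) )
+        if ( ! empty( $account_details['errors']->errors['user_name'] ) ) {
             $bp->signup->errors['signup_username'] = $account_details['errors']->errors['user_name'][0];
-
-        if ( !empty( $account_details['errors']->errors['user_email'] ) )
+        }
+
+        if ( ! empty( $account_details['errors']->errors['user_email'] ) ) {
             $bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0];
-
-        // Check that both password fields are filled in.
-        if ( empty( $_POST['signup_password'] ) || empty( $_POST['signup_password_confirm'] ) )
-            $bp->signup->errors['signup_password'] = __( 'Please make sure you enter your password twice', 'buddypress' );
-
-        // Check that the passwords match.
-        if ( ( !empty( $_POST['signup_password'] ) && !empty( $_POST['signup_password_confirm'] ) ) && $_POST['signup_password'] != $_POST['signup_password_confirm'] )
-            $bp->signup->errors['signup_password'] = __( 'The passwords you entered do not match.', 'buddypress' );
+        }
+
+        $signup_pass = '';
+        if ( isset( $_POST['signup_password'] ) ) {
+            $signup_pass = wp_unslash( $_POST['signup_password'] );
+        }
+
+        $signup_pass_confirm = '';
+        if ( isset( $_POST['signup_password_confirm'] ) ) {
+            $signup_pass_confirm = wp_unslash( $_POST['signup_password_confirm'] );
+        }
+
+        // Check the account password for problems.
+        $account_password = bp_members_validate_user_password( $signup_pass, $signup_pass_confirm );
+        $password_error   = $account_password->get_error_message();
+
+        if ( $password_error ) {
+            $bp->signup->errors['signup_password'] = $password_error;
+        }
 
         if ( bp_signup_requires_privacy_policy_acceptance() && ! empty( $_POST['signup-privacy-policy-check'] ) && empty( $_POST['signup-privacy-policy-accept'] ) ) {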
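Review bot: The `if ( $password_error )` test decides rejection from the text of `get_error_message()`, so the check fails open if the validator, or a callback on the `bp_members_validate_user_password` filter the description invites plugins to use, adds an error code with an empty message. Keying the branch on the code fails closed: `if ( $account_password->get_error_code() ) {`, with a generic fallback string assigned when `$password_error` is empty. Separately, `wp_unslash()` passes arrays through unchanged, so a non-string `signup_password` field reaches the validator as an array; whether the validator rejects that is not visible here, and an `is_string()` guard before the call would make it explicit. The code that later stores the password lies outside this section and should use the same unslashed `$signup_pass` that was validated, which cannot be confirmed from here.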