admin_post.php not working only when logged in and not admin

  • Hi,

    I can’t figure out what happens with my post_admin hook.
    Here is my code in a custom plugin :

    /** Shortcode pour créer un formulaire de réinitialisation du mot de passe **/
add_shortcode("NEO7_FIRSTPASSWORD", "neo7_first_password_form");

function neo7_first_password_form( $attrs ) {

	global $current_user;
	if (is_user_logged_in()){
		$output='<!-- Change Password Form -->';
		$output.='	<form action="'.esc_url( admin_url('admin-post.php') ).'" method="post" class="neo7_change_password_form">';
		$output.='		<div><label for="password">Nouveau mot de passe</label><br/>';
		$output.='		<input name="password" type="password" class="form-control password1" /></div>';
		$output.='		<div><label for="password2">Saisir à nouveau le mot de passe</label><br/>';
		$output.='		<input name="password2" type="password" class="form-control password2" /></div>';
		$output.='		<input type="hidden" name="action" value="first_password">';;
		$output.='		<input type="submit" name="btn-change-pass" class="um-button" id="btn-change-pass" value="Changer le mot de passe"/>';
		$output.='	</form>';
	}
	else{$output="Accès non autorisé à cette page.";}
	return $output;
}

add_action( 'admin_post_nopriv_first_password', 'admin_first_password' );
add_action( 'admin_post_first_password', 'admin_first_password' );

function admin_first_password() {
    global $current_user;
	error_log("Lancement de la fonction admin_first_password() pour exécuter le changement de mot de passe.");

    if(isset($_POST['action']) && $_POST['action'] == 'first_password') {

        //Sanitize received password
        $password = sanitize_text_field($_POST['password']);
        error_log("Mot de passe bien re?u : ".$password);
        // Define arguments that will be passed to the wp_update_user()
        $userdata = array(
            'ID'        =>  $current_user->ID,
            'user_pass' =>  $password // WordPress automatically applies the wp_hash_password() function to the user_pass field.
        );
        $user_id = wp_update_user($userdata);

        // wp_update_user() will return the user_id on success and an array of error messages on failure.
        // so bellow we are going to check if the returned string is equal to the current user ID, if yes then we proceed updating the user meta field
        if($user_id == $current_user->ID){
            update_user_meta($current_user->ID, 'neo7_changepass_status', 1);
            wp_redirect( home_url( '/mot-de-passe-ok/' ) );

        } else {
            wp_redirect( home_url( '/mot-de-passe-erreur/' ) );
        }
    }
    // Always exit to avoid further execution
    exit();
}

    As you can see, I have a shortcode creating a form in order to change the password.

    WHAT IS STRANGE : the hook is triggered normally when I’m logged out (useless in my context) and when I’m logged in as an admin.
    But it is not triggered when I’m logged in as a member.
    I tried both with the FORM submition and using directly the URL (…/wp-admin/admin-post.php?action=first_password)

    I put a log in admin-post.php, but it is not called (by the way, how is it possible when the URL is called directly..?). And once again, it IS triggered when logged as an admin.

    Any suggestion would help…

    Thank you

Viewing 1 replies (of 1 total)
  • NuEngine Technologies

    (@nuengine-technologies)

    Please use admin_post while submitting a form in wp-admin area;

    admin_post_* works well when user is logged in and has admin access, admin_post_nopriv_* is for guest users.

    But when you want to submit form in front end (for logged or non logged in users)

    You should use wp_ajax_* and wp_ajax_nopriv_* hooks, It works exactly same as admin_post.

    You will also need to change your form action to admin_url('admin-ajax.php'); wp_ajax is used for ajax form submission but you can also use it for normal form submissions.

    While doing normal form submission please also remember to redirect page with wp_redirect at the end of your function.

Viewing 1 replies (of 1 total)
  • The topic ‘admin_post.php not working only when logged in and not admin’ is closed to new replies.